Sound4

Wm2 Firmware

21 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2022-50796

Exploit
  • EPSS 2.57%
  • Veröffentlicht 30.12.2025 22:41:39
  • Zuletzt bearbeitet 16.01.2026 19:16:12

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an unauthenticated remote code execution vulnerability in the firmware upload functionality with path traversal flaw. Attackers can exploit the upload.cgi script to write malicious files to the system with...

7.8

CVE-2022-50795

Exploit
  • EPSS 0.86%
  • Veröffentlicht 30.12.2025 22:41:39
  • Zuletzt bearbeitet 16.01.2026 19:16:12

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains a conditional command injection vulnerability that allows local authenticated users to create malicious files in the /tmp directory. Unauthenticated attackers can execute commands by making a single HTTP P...

9.8

CVE-2022-50794

Exploit
  • EPSS 1.46%
  • Veröffentlicht 30.12.2025 22:41:38
  • Zuletzt bearbeitet 13.01.2026 14:34:19

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated command injection vulnerability in the username parameter. Attackers can exploit index.php and login.php scripts by injecting arbitrary shell commands through the HTTP PO...

8.8

CVE-2022-50793

Exploit
  • EPSS 0.63%
  • Veröffentlicht 30.12.2025 22:41:38
  • Zuletzt bearbeitet 13.01.2026 14:36:09

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an authenticated command injection vulnerability in the www-data-handler.php script that allows attackers to inject system commands through the 'services' POST parameter. Attackers can exploit this vulnera...

7.5

CVE-2022-50792

Exploit
  • EPSS 0.46%
  • Veröffentlicht 30.12.2025 22:41:37
  • Zuletzt bearbeitet 16.01.2026 19:16:11

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated file disclosure vulnerability that allows remote attackers to access sensitive system files. Attackers can exploit the vulnerability by manipulating the 'file' GET parame...

7.8

CVE-2022-50791

Exploit
  • EPSS 2.17%
  • Veröffentlicht 30.12.2025 22:41:37
  • Zuletzt bearbeitet 16.01.2026 19:16:11

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains a conditional command injection vulnerability that allows local authenticated users to create malicious files in the /tmp directory. Unauthenticated attackers can execute commands by making a single HTTP P...

7.5

CVE-2022-50790

Exploit
  • EPSS 0.34%
  • Veröffentlicht 30.12.2025 22:41:37
  • Zuletzt bearbeitet 16.01.2026 19:16:11

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated vulnerability that allows remote attackers to access live radio stream information through webplay or ffmpeg scripts. Attackers can exploit the vulnerability by calling s...

7.8

CVE-2022-50789

Exploit
  • EPSS 0.7%
  • Veröffentlicht 30.12.2025 22:41:36
  • Zuletzt bearbeitet 16.01.2026 19:16:11

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains a command injection vulnerability that allows local authenticated users to create malicious files in the /tmp directory with .dns.pid extension. Unauthenticated attackers can execute the malicious commands...

7.5

CVE-2022-50788

Exploit
  • EPSS 0.51%
  • Veröffentlicht 30.12.2025 22:41:36
  • Zuletzt bearbeitet 13.01.2026 15:09:38

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive log files. Attackers can directly browse the /log directory to retrieve system and sensitive information wi...

9.8

CVE-2022-50696

Exploit
  • EPSS 0.28%
  • Veröffentlicht 30.12.2025 22:41:35
  • Zuletzt bearbeitet 16.01.2026 19:16:11

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain hardcoded credentials embedded in server binaries that cannot be modified through normal device operations. Attackers can leverage these static credentials to gain unauthorized access to th...