CVE-2022-50694 — CRITICAL (9.8)

Q: How severe is CVE-2022-50694?

CVE-2022-50694 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2022-50694?

Check the references section above for vendor advisories and patch information. Affected products include: Sound4 Impact Firmware, Sound4 Impact, Sound4 Pulse Firmware, Sound4 Pulse, Sound4 First Firmware.

Vulnerability Description

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an SQL injection vulnerability in the 'username' POST parameter of index.php that allows attackers to manipulate database queries. Attackers can inject arbitrary SQL code through the username parameter to bypass authentication and potentially access unauthorized database information.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Sound4	Impact Firmware	2.15
Sound4	Impact	2.0
Sound4	Pulse Firmware	2.15
Sound4	Pulse	2.0
Sound4	First Firmware	2.15
Sound4	First	2.0
Sound4	Impact Eco Firmware	1.16
Sound4	Impact Eco	-
Sound4	Pulse Eco Firmware	1.16
Sound4	Pulse Eco	-
Sound4	Big Voice4 Firmware	1.2
Sound4	Big Voice4	-
Sound4	Big Voice2 Firmware	1.30
Sound4	Big Voice2	-
Sound4	Wm2 Firmware	1.11
Sound4	Wm2	-
Sound4	Stream Extension	2.4.29

Related Weaknesses (CWE)

CWE-89

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/247947Third Party Advisory
https://packetstormsecurity.com/files/170254/SOUND4-IMPACT-FIRST-PULSE-Eco-2.x-uExploitThird Party AdvisoryVDB Entry
https://www.sound4.com/Product
https://www.vulncheck.com/advisories/sound-impactfirstpulseeco-x-sql-injection-vThird Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5727.phpExploitThird Party Advisory

FAQ

What is CVE-2022-50694?

CVE-2022-50694 is a vulnerability with a CVSS score of 9.8 (CRITICAL). SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an SQL injection vulnerability in the 'username' POST parameter of index.php that allows attackers to manipulate database queries. Attackers can inject arb...

How severe is CVE-2022-50694?

CVE-2022-50694 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2022-50694?

Check the references section above for vendor advisories and patch information. Affected products include: Sound4 Impact Firmware, Sound4 Impact, Sound4 Pulse Firmware, Sound4 Pulse, Sound4 First Firmware.