1. Home
  2. CVE Database
  3. CVE-2022-50794
CRITICAL · 9.8

CVE-2022-50794

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated command injection vulnerability in the username parameter. Attackers can exploit index.php and login.php scripts by inje...

Vulnerability Description

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated command injection vulnerability in the username parameter. Attackers can exploit index.php and login.php scripts by injecting arbitrary shell commands through the HTTP POST 'username' parameter to execute system commands.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
Sound4Impact Firmware2.15
Sound4Impact2.0
Sound4Pulse Firmware2.15
Sound4Pulse2.0
Sound4First Firmware2.15
Sound4First2.0
Sound4Impact Eco Firmware1.16
Sound4Impact Eco-
Sound4Pulse Eco Firmware1.16
Sound4Pulse Eco-
Sound4Big Voice4 Firmware1.2
Sound4Big Voice4-
Sound4Big Voice2 Firmware1.30
Sound4Big Voice2-
Sound4Wm2 Firmware1.11
Sound4Wm2-
Sound4Stream Extension2.4.29

Related Weaknesses (CWE)

CWE-78

References

FAQ

What is CVE-2022-50794?

CVE-2022-50794 is a vulnerability with a CVSS score of 9.8 (CRITICAL). SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated command injection vulnerability in the username parameter. Attackers can exploit index.php and login.php scripts by inje...

How severe is CVE-2022-50794?

CVE-2022-50794 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2022-50794?

Check the references section above for vendor advisories and patch information. Affected products include: Sound4 Impact Firmware, Sound4 Impact, Sound4 Pulse Firmware, Sound4 Pulse, Sound4 First Firmware.