CVE-2022-50796 — CRITICAL (9.8)

Q: How severe is CVE-2022-50796?

CVE-2022-50796 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2022-50796?

Check the references section above for vendor advisories and patch information. Affected products include: Sound4 Impact Firmware, Sound4 Impact, Sound4 Pulse Firmware, Sound4 Pulse, Sound4 First Firmware.

Vulnerability Description

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an unauthenticated remote code execution vulnerability in the firmware upload functionality with path traversal flaw. Attackers can exploit the upload.cgi script to write malicious files to the system with www-data permissions, enabling unauthorized access and code execution.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Sound4	Impact Firmware	2.15
Sound4	Impact	2.0
Sound4	Pulse Firmware	2.15
Sound4	Pulse	2.0
Sound4	First Firmware	2.15
Sound4	First	2.0
Sound4	Impact Eco Firmware	1.16
Sound4	Impact Eco	-
Sound4	Pulse Eco Firmware	1.16
Sound4	Pulse Eco	-
Sound4	Big Voice4 Firmware	1.2
Sound4	Big Voice4	-
Sound4	Big Voice2 Firmware	1.30
Sound4	Big Voice2	-
Sound4	Wm2 Firmware	1.11
Sound4	Wm2	-
Sound4	Stream Extension	2.4.29

Related Weaknesses (CWE)

CWE-22

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/247951Third Party Advisory
https://packetstormsecurity.com/files/170268/SOUND4-IMPACT-FIRST-PULSE-Eco-2.x-uExploitThird Party AdvisoryVDB Entry
https://www.sound4.com/Product
https://www.vulncheck.com/advisories/sound-impactfirstpulseeco-x-unauthenticatedThird Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5741.phpExploitThird Party Advisory

FAQ

What is CVE-2022-50796?

CVE-2022-50796 is a vulnerability with a CVSS score of 9.8 (CRITICAL). SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an unauthenticated remote code execution vulnerability in the firmware upload functionality with path traversal flaw. Attackers can exploit the upload.cgi ...

How severe is CVE-2022-50796?

CVE-2022-50796 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2022-50796?

Check the references section above for vendor advisories and patch information. Affected products include: Sound4 Impact Firmware, Sound4 Impact, Sound4 Pulse Firmware, Sound4 Pulse, Sound4 First Firmware.