CVE-2022-50696

Critical CVSS: 9.3

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain hardcoded credentials embedded in server binaries that cannot be modified through normal device operations. Attackers can leverage these static credentials to gain unauthorized access to the device across Linux and Windows distributions without requiring user interaction.

Vendor

Sound4

Product

First Firmware

CWE

CWE-798

Yayın Tarihi

2025-12-30 23:15:45

Güncelleme

2026-01-16 19:16:11

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-798 First Firmware CRITICAL Sound4 2025

Referanslar

https://exchange.xforce.ibmcloud.com/vulnerabilities/247949 https://packetstormsecurity.com/files/170256/SOUND4-IMPACT-FIRST-PULSE-Eco-2.x-Hardcoded-Credentials.html https://www.sound4.com/ https://www.vulncheck.com/advisories/sound-impactfirstpulseeco-x-hardcoded-credentials-authentication-bypass https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5729.php

Benzer Kayıtlar

High

CVE-2022-50792

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated file disclosure vulnerability that allow…

High

CVE-2022-50793

SOUND4 IMPACT/FIRST/PULSE/Eco

Critical

CVE-2022-50794

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated command injection vulnerability in the u…

High

CVE-2022-50795

SOUND4 IMPACT/FIRST/PULSE/Eco

Critical

CVE-2022-50796

SOUND4 IMPACT/FIRST/PULSE/Eco

Medium

CVE-2022-50787

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x contains an unauthenticated stored cross-site scripting vulnerability in the…