← volver
CVE-2022-50796

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Unauthenticated Remote Code Execution via upload.cgi

CVSS 9.3 CRITICALEPSS 1.4%CWE-22
Vexday Risk Score
48Atención
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
CVSS 9.3EPSS 1.4%KEV nãoPoC públicaNuclei Metasploit Patch
Ciclo de vida
30 dic 2025Publicada en NVD
Recomendación: Planificar corrección próxima — ya existe PoC pública.
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an unauthenticated remote code execution vulnerability in the firmware upload functionality with path traversal flaw. Attackers can exploit the upload.cgi script to write malicious files to the system with www-data permissions, enabling unauthorized access and code execution.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Productos afectados
Kantar Media · WM2SOUND4 Ltd. · BigVoice2SOUND4 Ltd. · BigVoice4SOUND4 Ltd. · Impact/Pulse EcoSOUND4 Ltd. · Impact/Pulse/FirstSOUND4 Ltd. · Stream
PoCs públicas encontradas1
cve_referencepacketstormsecurity.com/files/170268/SOUND4-IMPACT-FIRST-PULSE-Eco-2.x-upload.cgi-Code-Execution.htmlno verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://exchange.xforce.ibmcloud.com/vulnerabilities/247951https://packetstormsecurity.com/files/170268/SOUND4-IMPACT-FIRST-PULSE-Eco-2.x-upload.cgi-Code-Execution.htmlhttps://www.sound4.com/https://www.vulncheck.com/advisories/sound-impactfirstpulseeco-x-unauthenticated-remote-code-execution-via-uploadcgihttps://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5741.php