CVE-2022-50792
Severity CVSS v4.0:
HIGH
Type:
CWE-22
Path Traversal
Publication date:
30/12/2025
Last modified:
16/01/2026
Description
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated file disclosure vulnerability that allows remote attackers to access sensitive system files. Attackers can exploit the vulnerability by manipulating the 'file' GET parameter to disclose arbitrary files on the affected device.
Impact
Base Score 4.0
8.70
Severity 4.0
HIGH
Base Score 3.x
7.50
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:sound4:impact_firmware:2.15:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sound4:impact:2.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:sound4:impact_firmware:1.69:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sound4:impact:1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:sound4:pulse_firmware:2.15:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sound4:pulse:2.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:sound4:pulse_firmware:1.69:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sound4:pulse:1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:sound4:first_firmware:2.15:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sound4:first:2.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:sound4:first_firmware:1.69:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sound4:first:1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:sound4:impact_eco_firmware:1.16:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sound4:impact_eco:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:sound4:pulse_eco_firmware:1.16:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://exchange.xforce.ibmcloud.com/vulnerabilities/247916
- https://packetstormsecurity.com/files/170263/SOUND4-IMPACT-FIRST-PULSE-Eco-2.x-Unauthenticated-File-Disclosure.html
- https://www.sound4.com/
- https://www.vulncheck.com/advisories/sound-impactfirstpulseeco-x-unauthenticated-file-disclosure-vulnerability
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5736.php