CVE-2022-50792

Sažetak

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated file disclosure vulnerability that allows remote attackers to access sensitive system files. Attackers can exploit the vulnerability by manipulating the 'file' GET parameter to disclose arbitrary files on the affected device.

Reference

https://exchange.xforce.ibmcloud.com/vulnerabilities/247916
https://packetstormsecurity.com/files/170263/SOUND4-IMPACT-FIRST-PULSE-Eco-2.x-Unauthenticated-File-Disclosure.html
https://www.sound4.com/
https://www.vulncheck.com/advisories/sound-impactfirstpulseeco-x-unauthenticated-file-disclosure-vulnerability
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5736.php

CVSS

Base:	7.5
Impact:	3.6
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	NONE	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Zadnje važnije ažuriranje

16-01-2026 - 19:16

Objavljeno

30-12-2025 - 23:15