Search
Search Results (5 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-50796 | 1 Sound4 | 21 Big Voice2, Big Voice2 Firmware, Big Voice4 and 18 more | 2026-02-18 | 9.8 Critical |
| SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an unauthenticated remote code execution vulnerability in the firmware upload functionality with path traversal flaw. Attackers can exploit the upload.cgi script to write malicious files to the system with www-data permissions, enabling unauthorized access and code execution. | ||||
| CVE-2022-50694 | 1 Sound4 | 21 Big Voice2, Big Voice2 Firmware, Big Voice4 and 18 more | 2026-02-18 | 9.8 Critical |
| SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an SQL injection vulnerability in the 'username' POST parameter of index.php that allows attackers to manipulate database queries. Attackers can inject arbitrary SQL code through the username parameter to bypass authentication and potentially access unauthorized database information. | ||||
| CVE-2022-50695 | 1 Sound4 | 21 Big Voice2, Big Voice2 Firmware, Big Voice4 and 18 more | 2026-02-18 | 7.5 High |
| SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x contains a network vulnerability that allows unauthenticated attackers to send ICMP signals to arbitrary hosts through network command scripts. Attackers can abuse ping.php, traceroute.php, and dns.php to generate network flooding attacks targeting external hosts. | ||||
| CVE-2022-50692 | 1 Sound4 | 21 Big Voice2, Big Voice2 Firmware, Big Voice4 and 18 more | 2026-01-20 | 7.5 High |
| SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an insufficient session expiration vulnerability that allows attackers to reuse old session credentials. Attackers can exploit weak session management to potentially hijack active user sessions and gain unauthorized access to the application. | ||||
| CVE-2022-50790 | 1 Sound4 | 21 Big Voice2, Big Voice2 Firmware, Big Voice4 and 18 more | 2026-01-16 | 7.5 High |
| SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated vulnerability that allows remote attackers to access live radio stream information through webplay or ffmpeg scripts. Attackers can exploit the vulnerability by calling specific web scripts to disclose radio stream details without requiring authentication. | ||||
Page 1 of 1.