CVE-2022-50696
Published: 30 December 2025
Description
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain hardcoded credentials embedded in server binaries that cannot be modified through normal device operations. Attackers can leverage these static credentials to gain unauthorized access to the device across Linux and Windows distributions without requiring user interaction.
Mitigating Controls (NIST 800-53 r5)
IA-5 requires verification, issuance, storage, generation, alteration, and destruction of authenticators, directly preventing the embedding and use of unmodifiable hardcoded credentials in system binaries.
SI-2 mandates identification, reporting, and timely remediation of system flaws, directly addressing the hardcoded credentials vulnerability through patching or replacement.
SC-7 monitors and controls communications at system boundaries, preventing remote network-based exploitation of the hardcoded credentials by restricting access to the vulnerable server service.
Security Summary
CVE-2022-50696 is a critical vulnerability (CVSS 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) classified under CWE-798, involving hardcoded credentials embedded in the server binaries of SOUND4 IMPACT, FIRST, PULSE, and Eco devices running versions 2.x and below. These static credentials cannot be modified through normal device operations and affect the software across both Linux and Windows distributions.
Remote attackers can exploit this vulnerability without privileges or user interaction by leveraging the known hardcoded credentials to gain unauthorized access to the affected devices over the network. Exploitation enables high-impact compromise of confidentiality, integrity, and availability, potentially allowing full control over the targeted systems.
Advisories detailing the issue are available from IBM X-Force Exchange (https://exchange.xforce.ibmcloud.com/vulnerabilities/247949), Packet Storm Security (https://packetstormsecurity.com/files/170256/SOUND4-IMPACT-FIRST-PULSE-Eco-2.x-Hardcoded-Credentials.html), VulnCheck (https://www.vulncheck.com/advisories/sound-impactfirstpulseeco-x-hardcoded-credentials-authentication-bypass), and Zero Science Lab (https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5729.php), along with the vendor site (https://www.sound4.com/). No specific patches or mitigations are detailed in the CVE description.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Hardcoded credentials enable remote unauthenticated access to public-facing device servers, directly facilitating Exploit Public-Facing Application (T1190) and use of Default Accounts (T1078.001).