CVE-2022-50796

CriticalPublic PoC

Published: 30 December 2025

Published

30 December 2025

Modified

16 January 2026

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0111 78.2th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an unauthenticated remote code execution vulnerability in the firmware upload functionality with path traversal flaw. Attackers can exploit the upload.cgi script to write malicious files to the system with www-data permissions, enabling unauthorized access and code…

execution.

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly prevents path traversal exploitation in the upload.cgi firmware upload by validating inputs such as file paths to ensure only legitimate locations are written to.

SI-2 Flaw Remediation good match

prevent

Remediates the specific path traversal flaw in firmware versions <=2.x through timely application of vendor-provided security updates.

AC-3 Access Enforcement good match

prevent

Enforces access control to require authentication for the firmware upload functionality, blocking unauthenticated remote exploitation attempts.

Security SummaryAI

CVE-2022-50796 is an unauthenticated remote code execution vulnerability affecting SOUND4 IMPACT, FIRST, PULSE, and Eco devices running firmware versions 2.x and below. The issue stems from a path traversal flaw (CWE-22) in the firmware upload functionality, specifically the upload.cgi script, which allows attackers to write arbitrary files to the system with www-data permissions.

Attackers with network access can exploit this vulnerability without authentication, privileges, or user interaction, requiring only low attack complexity. Successful exploitation grants unauthorized access and enables remote code execution, with a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), resulting in high confidentiality, integrity, and availability impacts.

Advisories detailing the vulnerability and potential mitigations are available from sources including IBM X-Force Exchange, Packet Storm Security, VulnCheck, and Zero Science Labs. The vendor website at sound4.com is also referenced for further information.

Details

CWE(s): CWE-22

Affected Products

sound4

impact firmware

1.69, 2.15

sound4

pulse firmware

1.69, 2.15

sound4

first firmware

1.69, 2.15

sound4

impact eco firmware

1.16

sound4

pulse eco firmware

1.16

sound4

big voice4 firmware

1.2

sound4

big voice2 firmware

1.30

sound4

wm2 firmware

1.11

sound4

stream extension

2.4.29

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

The vulnerability is an unauthenticated RCE in a public-facing web application (upload.cgi) via path traversal, directly enabling exploitation of public-facing applications.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/247951
Third Party Advisory · disclosure@vulncheck.com
https://packetstormsecurity.com/files/170268/SOUND4-IMPACT-FIRST-PULSE-Eco-2.x-upload.cgi-Code-Execution.html
Exploit, Third Party Advisory, VDB Entry · disclosure@vulncheck.com
https://www.sound4.com/
Product · disclosure@vulncheck.com
https://www.vulncheck.com/advisories/sound-impactfirstpulseeco-x-unauthenticated-remote-code-execution-via-uploadcgi
Third Party Advisory · disclosure@vulncheck.com
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5741.php
Exploit, Third Party Advisory · disclosure@vulncheck.com