PT-2025-54244 · Pulse+3 · Pulse+3
Published
2025-12-30
·
Updated
2025-12-31
·
CVE-2022-50796
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and earlier
Description
The software contains an unauthenticated remote code execution issue due to a path traversal flaw in the firmware upload functionality. The
upload.cgi script allows attackers to write malicious files to the system with www-data permissions, potentially leading to unauthorized access and code execution.Recommendations
Versions prior to 2.x should be updated.
Exploit
Fix
RCE
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Eco
First
Pulse
Sound4 Impact