CVE-2022-50694

CRITICAL

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x - SQL Injection

Title source: llm
STIX 2.1

Description

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an SQL injection vulnerability in the 'username' POST parameter of index.php that allows attackers to manipulate database queries. Attackers can inject arbitrary SQL code through the username parameter to bypass authentication and potentially access unauthorized database information.

Scores

CVSS v3 9.8
EPSS 0.0081
EPSS Percentile 52.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-89
Status published
Products (12)
sound4/big_voice2_firmware 1.30
sound4/big_voice4_firmware 1.2
sound4/first_firmware 2.15
sound4/first_firmware 1.69
sound4/impact_eco_firmware 1.16
sound4/impact_firmware 2.15
sound4/impact_firmware 1.69
sound4/pulse_eco_firmware 1.16
sound4/pulse_firmware 2.15
sound4/pulse_firmware 1.69
... and 2 more
Published Dec 30, 2025
Tracked Since Feb 18, 2026