CVE-2022-50696

CRITICAL

SOUND4 IMPACT/FIRST/PULSE/Eco <2 - Info Disclosure

Title source: llm

Description

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain hardcoded credentials embedded in server binaries that cannot be modified through normal device operations. Attackers can leverage these static credentials to gain unauthorized access to the device across Linux and Windows distributions without requiring user interaction.

References (5)

[Third Party Advisory] https://exchange.xforce.ibmcloud.com/vulnerabilities/247949

[Exploit, Third Party Advisory, VDB Entry] https://packetstormsecurity.com/files/170256/SOUND4-IMPACT-FIRST-PULSE-Eco-2.x-Hardcoded-Credentials.html

[Product] https://www.sound4.com/

[Third Party Advisory] https://www.vulncheck.com/advisories/sound-impactfirstpulseeco-x-hardcoded-credentials-authentication-bypass

[Exploit, Third Party Advisory] https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5729.php

Scores

CVSS v3 9.8

EPSS 0.0029

EPSS Percentile 51.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-798

Status published

Affected Products (12)

sound4/first_firmware

sound4/first_firmware

sound4/impact_eco_firmware

sound4/pulse_eco_firmware

sound4/big_voice4_firmware

sound4/big_voice2_firmware

sound4/wm2_firmware

sound4/impact_firmware

sound4/impact_firmware

sound4/pulse_firmware

sound4/pulse_firmware

sound4/stream_extension

Timeline

Published Dec 30, 2025

Tracked Since Feb 18, 2026