CVE-2022-50790

HIGH

SOUND4 IMPACT/FIRST/PULSE/Eco <2 - Info Disclosure

Title source: llm

Description

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated vulnerability that allows remote attackers to access live radio stream information through webplay or ffmpeg scripts. Attackers can exploit the vulnerability by calling specific web scripts to disclose radio stream details without requiring authentication.

References (5)

[Third Party Advisory] https://exchange.xforce.ibmcloud.com/vulnerabilities/247923

[Exploit, Third Party Advisory, VDB Entry] https://packetstormsecurity.com/files/170261/SOUND4-IMPACT-FIRST-PULSE-Eco-2.x-Radio-Steam-Disclosure.html

[Product] https://www.sound4.com/

[Third Party Advisory] https://www.vulncheck.com/advisories/sound-impactfirstpulseeco-x-unauthenticated-radio-stream-disclosure

[Exploit, Third Party Advisory] https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5734.php

Scores

CVSS v3 7.5

EPSS 0.0036

EPSS Percentile 57.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-306

Status published

Affected Products (12)

sound4/impact_firmware

sound4/impact_firmware

sound4/pulse_firmware

sound4/pulse_firmware

sound4/first_firmware

sound4/first_firmware

sound4/impact_eco_firmware

sound4/pulse_eco_firmware

sound4/big_voice4_firmware

sound4/big_voice2_firmware

sound4/wm2_firmware

sound4/stream_extension

Timeline

Published Dec 30, 2025

Tracked Since Feb 18, 2026