CVE-2022-50696

critical

Description

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain hardcoded credentials embedded in server binaries that cannot be modified through normal device operations. Attackers can leverage these static credentials to gain unauthorized access to the device across Linux and Windows distributions without requiring user interaction.

References

https://www.vulncheck.com/advisories/sound-impactfirstpulseeco-x-hardcoded-credentials-authentication-bypass

https://exchange.xforce.ibmcloud.com/vulnerabilities/247949

https://packetstormsecurity.com/files/170256/SOUND4-IMPACT-FIRST-PULSE-Eco-2.x-Hardcoded-Credentials.html

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5729.php

https://www.sound4.com/

Details

Source: Mitre, NVD

Published: 2025-12-30

Updated: 2026-01-16

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

CVSS v4

Base Score: 9.3

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Severity: Critical

EPSS

EPSS: 0.00033