CVE-2022-50796

Critical · Public PoC

Published: 30 December 2025

Modified: 16 January 2026
CVSS Score v4: 9.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0144 (69.8th percentile)
Risk Priority: 70 (floored blend · peak EPSS)

Summary

CVE-2022-50796 is a critical-severity Path Traversal (CWE-22) vulnerability in Sound4 Impact Firmware. Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 30.2% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a referenced public proof-of-concept.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2022-50796 is an unauthenticated remote code execution vulnerability affecting SOUND4 IMPACT, FIRST, PULSE, and Eco devices running firmware versions 2.x and below. The issue stems from a path traversal flaw (CWE-22) in the firmware upload functionality, specifically the upload.cgi script, which allows attackers to write arbitrary files to the system with www-data permissions.

Attackers with network access can exploit this vulnerability without authentication, privileges, or user interaction, and attack complexity is low. Successful exploitation grants unauthorized access and enables remote code execution, with high confidentiality, integrity, and availability impacts. The CVSS v3.1 base score is 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Advisories detailing the vulnerability and potential mitigations are available from sources including IBM X-Force Exchange, Packet Storm Security, VulnCheck, and Zero Science Labs. The vendor website at sound4.com is also referenced for further information.

Vulnerability details

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an unauthenticated remote code execution vulnerability in the firmware upload functionality with path traversal flaw. Attackers can exploit the upload.cgi script to write malicious files to the system with www-data permissions, enabling unauthorized access and code execution.

CWE(s)

CWE-22 (Path Traversal)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability is an unauthenticated RCE in a public-facing web application (upload.cgi) via path traversal, directly enabling exploitation of public-facing applications.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2023-53962 (Same product: Sound4 Big Voice2)
CVE-2023-53964 (Same product: Sound4 Big Voice2)
CVE-2022-50792 (Same product: Sound4 Big Voice2)
CVE-2023-53955 (Same product: Sound4 Big Voice2)
CVE-2023-53960 (Same product: Sound4 Big Voice2)
CVE-2023-53963 (Same product: Sound4 Big Voice2)
CVE-2022-50696 (Same product: Sound4 Big Voice2)
CVE-2022-50794 (Same product: Sound4 Big Voice2)
CVE-2022-50795 (Same product: Sound4 Big Voice2)
CVE-2022-50793 (Same product: Sound4 Big Voice2)

Affected Assets

Vendor   Product                Version(s)
sound4   impact firmware        1.69, 2.15
sound4   pulse firmware         1.69, 2.15
sound4   first firmware         1.69, 2.15
sound4   impact eco firmware    1.16
sound4   pulse eco firmware     1.16
sound4   big voice4 firmware    1.2
sound4   big voice2 firmware    1.30
sound4   wm2 firmware           1.11
sound4   stream extension       2.4.29

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: Directly prevents path traversal exploitation in the upload.cgi firmware upload by validating inputs such as file paths to ensure only legitimate locations are written to.

Prevent: Remediates the specific path traversal flaw in firmware versions <=2.x through timely application of vendor-provided security updates.

Prevent: Enforces access control to require authentication for the firmware upload functionality, blocking unauthenticated remote exploitation attempts.
