Sound4 Big Voice2 Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Sound4 Big Voice2 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (20)
CVE-2022-50794 — CVSS 9.8 (critical): SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated command injection vulnerability in the username parameter…
CVE-2022-50694 — CVSS 9.8 (critical): SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an SQL injection vulnerability in the 'username' POST parameter of index.php that allows…
CVE-2023-53964 — CVSS 9.8 (critical): SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated vulnerability in the /usr/cgi-bin/restorefactory.cgi endpoint that allows…
CVE-2022-50696 — CVSS 9.8 (critical): SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain hardcoded credentials embedded in server binaries that cannot be modified…
CVE-2023-53963 — CVSS 9.8 (critical): SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute…
CVE-2023-53960 — CVSS 9.8 (critical): SOUND4 IMPACT/FIRST/PULSE/Eco version 2.x contains an SQL injection vulnerability in the 'index.php' authentication mechanism that allows…
CVE-2023-53955 — CVSS 9.8 (critical): SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an insecure direct object reference vulnerability that allows attackers to bypass authorization…
CVE-2022-50796 — CVSS 9.8 (critical): SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an unauthenticated remote code execution vulnerability in the firmware upload functionality…
CVE-2022-50793 — CVSS 8.8 (high): SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an authenticated command injection vulnerability in the www-data-handler.php script that…
CVE-2022-50791 — CVSS 7.8 (high): SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains a conditional command injection vulnerability that allows local authenticated users to create…
CVE-2022-50789 — CVSS 7.8 (high): SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains a command injection vulnerability that allows local authenticated users to create malicious…
CVE-2022-50795 — CVSS 7.8 (high): SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains a conditional command injection vulnerability that allows local authenticated users to create…
CVE-2022-50788 — CVSS 7.5 (high): SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an information disclosure vulnerability that allows unauthenticated attackers to access…
CVE-2022-50695 — CVSS 7.5 (high): SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x contains a network vulnerability that allows unauthenticated attackers to send ICMP signals to…
CVE-2022-50692 — CVSS 7.5 (high): SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an insufficient session expiration vulnerability that allows attackers to…
CVE-2022-50790 — CVSS 7.5 (high): SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated vulnerability that allows remote attackers to access live…
CVE-2023-53962 — CVSS 7.5 (high): SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated directory traversal vulnerability that allows remote attackers to write…
CVE-2022-50792 — CVSS 7.5 (high): SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated file disclosure vulnerability that allows remote attackers…
CVE-2022-50787 — CVSS 7.2 (high): SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x contains an unauthenticated stored cross-site scripting vulnerability in the username parameter…
CVE-2023-53961 — CVSS 4.3 (medium): SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains a cross-site request forgery vulnerability that allows attackers to perform administrative…