Filtered by vendor Sound4
Subscribe
Total
24 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-50794 | 1 Sound4 | 17 Big Voice2, Big Voice2 Firmware, Big Voice4 and 14 more | 2026-01-13 | N/A | 9.8 CRITICAL |
| SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated command injection vulnerability in the username parameter. Attackers can exploit index.php and login.php scripts by injecting arbitrary shell commands through the HTTP POST 'username' parameter to execute system commands. | |||||
| CVE-2025-63220 | 1 Sound4 | 2 First, First Firmware | 2026-01-08 | N/A | 7.2 HIGH |
| The Sound4 FIRST web-based management interface is vulnerable to Remote Code Execution (RCE) via a malicious firmware update package. The update mechanism fails to validate the integrity of manual.sh, allowing an attacker to inject arbitrary commands by modifying this script and repackaging the firmware. | |||||
| CVE-2023-53966 | 1 Sound4 | 1 Linkandshare Transmitter | 2025-12-31 | N/A | 9.8 CRITICAL |
| SOUND4 LinkAndShare Transmitter 1.1.2 contains a format string vulnerability that allows attackers to trigger memory stack overflows through maliciously crafted environment variables. Attackers can manipulate the username environment variable with format string payloads to potentially execute arbitrary code and crash the application. | |||||
| CVE-2025-57431 | 1 Sound4 | 2 Pulse-eco Aes67, Pulse-eco Aes67 Firmware | 2025-10-14 | N/A | 8.8 HIGH |
| The Sound4 PULSE-ECO AES67 1.22 web-based management interface is vulnerable to Remote Code Execution (RCE) via a malicious firmware update package. The update mechanism fails to validate the integrity of manual.sh, allowing an attacker to inject arbitrary commands by modifying this script and repackaging the firmware. | |||||