
8 matches found

OSV
added 2025/12/30 11:15 p.m., 1 view

CVE-2022-50796

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an unauthenticated remote code execution vulnerability in the firmware upload functionality with path traversal flaw. Attackers can exploit the upload.cgi script to write malicious files to the system with www-data permissions, enabling unauthorized...

9.8 CVSS | 6.4 AI score
Exploits: 0 | References: 5

OSV
added 2025/12/30 11:15 p.m., 0 views

CVE-2022-50791

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains a conditional command injection vulnerability that allows local authenticated users to create malicious files in the /tmp directory. Unauthenticated attackers can execute commands by making a single HTTP POST request to the vulnerable ping.php script,...

7.8 CVSS | 5.9 AI score
Exploits: 0 | References: 5

Vulnrichment
added 2025/12/30 10:41 p.m., 2 views

CVE-2022-50796 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Unauthenticated Remote Code Execution via upload.cgi

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an unauthenticated remote code execution vulnerability in the firmware upload functionality with path traversal flaw. Attackers can exploit the upload.cgi script to write malicious files to the system with www-data permissions, enabling unauthorized...

9.8 CVSS | 8.5 AI score | 0.01147 EPSS
Exploits: 2 | References: 5

CVE
added 2025/12/30 10:41 p.m., 14 views

CVE-2022-50796

CVE-2022-50796 affects SOUND4 IMPACT/FIRST/PULSE/Eco 2.x and earlier via an unauthenticated remote code execution flaw in the firmware upload function. The vulnerability is a path traversal in upload.cgi that lets an attacker write malicious files to the system with www-data permissions, enabling...

9.8 CVSS | 8.5 AI score | 0.01147 EPSS
Exploits: 2 | References: 5 | Affected Software: 1

CVE
added 2025/12/30 10:41 p.m., 8 views

CVE-2022-50696

CVE-2022-50696 affects SOUND4 IMPACT/FIRST/PULSE/Eco v2.x and earlier. The root cause is hardcoded credentials embedded in the device server binaries, which cannot be modified through normal device operations. This creates a vulnerability where attackers could gain unauthorized access across Lin...

9.8 CVSS | 6.7 AI score | 0.00285 EPSS
Exploits: 2 | References: 5 | Affected Software: 1

NVD
added 2025/12/22 10:16 p.m., 3 views

CVE-2023-53964

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated vulnerability in the /usr/cgi-bin/restorefactory.cgi endpoint that allows remote attackers to reset device configuration. Attackers can send a POST request to the endpoint with specific data to trigger a factory reset and bypass...

9.8 CVSS | 0.00663 EPSS
Exploits: 2 | References: 4

CVE
added 2025/12/22 9:37 p.m., 11 views

CVE-2023-53964

The CVE-2023-53964 entry concerns SOUND4 IMPACT/FIRST/PULSE/Eco v2.x. The vulnerability is an unauthenticated factory-reset flaw in the /usr/cgi-bin/restorefactory.cgi endpoint that allows remote attackers to trigger a device factory reset by sending a crafted POST request, bypassing authenticati...

9.8 CVSS | 6.7 AI score | 0.00663 EPSS
Exploits: 2 | References: 4 | Affected Software: 1

Vulnrichment
added 2025/12/22 9:37 p.m., 2 views

CVE-2023-53962 SOUND4 IMPACT/FIRST/PULSE/Eco v2.x Unauthenticated Directory Traversal File Write

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated directory traversal vulnerability that allows remote attackers to write arbitrary files through the 'upgfile' parameter in upload.cgi. Attackers can exploit the vulnerability by sending crafted multipart form-data POST requests with...

8.8 CVSS | 6.9 AI score | 0.05303 EPSS
Exploits: 2 | References: 4