CVE-2022-50790
📋 TL;DR
This vulnerability allows unauthenticated remote attackers to access live radio stream information from SOUND4 IMPACT/FIRST/PULSE/Eco systems. Attackers can exploit specific web scripts to disclose radio stream details without requiring any authentication. Organizations running affected SOUND4 products at versions 2.x and below are vulnerable.
💻 Affected Systems
- SOUND4 IMPACT
- SOUND4 FIRST
- SOUND4 PULSE
- SOUND4 Eco
⚠️ Risk & Real-World Impact
Worst Case
Attackers could map all radio streams, potentially identifying sensitive broadcast content, operational patterns, or using this information for further attacks against broadcast infrastructure.
Likely Case
Unauthorized access to radio stream metadata and potentially stream content, enabling information gathering about broadcast operations.
If Mitigated
Limited to information disclosure only if proper network segmentation and access controls prevent external access to vulnerable interfaces.
🎯 Exploit Status
Exploitation requires only simple HTTP requests to specific web scripts (webplay or ffmpeg). Public proof-of-concept details are available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not specified
Vendor Advisory: https://www.sound4.com/
Restart Required: No
Instructions:
Check vendor website for security updates. Consider upgrading to version 3.x or later if available.
🔧 Temporary Workarounds
Network Access Control
Restrict network access to SOUND4 web interfaces to authorized IP addresses only
Authentication Enforcement
Implement a reverse proxy with authentication in front of the SOUND4 web interface
🧯 If You Can't Patch
- Isolate SOUND4 systems on separate network segments with strict firewall rules
- Monitor for unauthorized access attempts to webplay and ffmpeg scripts
🔍 How to Verify
Check if Vulnerable:
Attempt to access webplay or ffmpeg scripts without authentication. Example: curl http://[target]/webplay or similar endpoint.
Check Version:
Check product version in web interface or system configuration. Vendor-specific command not documented.
Verify Fix Applied:
Verify authentication is required for webplay/ffmpeg scripts and unauthorized access returns proper authentication error.
📡 Detection & Monitoring
Log Indicators:
- Unauthenticated access to webplay or ffmpeg scripts
- Multiple failed authentication attempts followed by successful script access
Network Indicators:
- HTTP requests to webplay/ffmpeg endpoints without authentication headers
- Unusual traffic patterns to radio stream management interfaces
SIEM Query:
source_ip=* AND (url_path="*webplay*" OR url_path="*ffmpeg*") AND NOT auth_success=true
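The same check as the SIEM query, written out as an added example (not vendor or advisory code) that scans access logs for unauthenticated requests to the webplay and ffmpeg scripts. It assumes Combined Log Format from a reverse proxy in front of the device, where the user field is "-" for unauthenticated requests; the sample lines, addresses and request paths are constructed.

```python
import re

# Combined Log Format as written by a reverse proxy placed in front of the
# SOUND4 web interface (assumption: the device's own log format is not
# documented on this page). The third field is the authenticated user,
# "-" when the request carried no valid credentials.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
WATCHED = ("webplay", "ffmpeg")  # script names given in the advisory

# Constructed sample lines (documentation addresses, hypothetical paths).
SAMPLE_LOG = """\
198.51.100.23 - - [12/Dec/2022:10:01:02 +0000] "GET /webplay HTTP/1.1" 200 5120
192.0.2.10 - operator [12/Dec/2022:10:02:11 +0000] "GET /ffmpeg HTTP/1.1" 200 812
198.51.100.23 - - [12/Dec/2022:10:03:40 +0000] "GET /FFMPEG?x=1 HTTP/1.1" 401 0
203.0.113.7 - - [12/Dec/2022:10:04:00 +0000] "GET /index HTTP/1.1" 200 300
not a log line
"""

def find_unauthenticated_hits(log_text):
    """Return requests to watched scripts that carried no authenticated user.

    severity is 'served' when the response was 2xx/3xx (content was
    disclosed) and 'blocked' when it was 4xx/5xx (the request was refused).
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed or unrelated lines
        path = m["path"].split("?", 1)[0].lower()  # ignore query, case
        if not any(name in path for name in WATCHED):
            continue
        if m["user"] != "-":
            continue  # authenticated request, i.e. auth_success=true
        served = m["status"][0] in "23"
        hits.append({"ip": m["ip"], "path": m["path"],
                     "status": int(m["status"]),
                     "severity": "served" if served else "blocked"})
    return hits

if __name__ == "__main__":
    for hit in find_unauthenticated_hits(SAMPLE_LOG):
        print(hit)
```

A "served" hit after the fix or proxy is in place means the control is not working; "blocked" hits are refused probes worth tracking by source address.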
🔗 References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/247923
- https://packetstormsecurity.com/files/170261/SOUND4-IMPACT-FIRST-PULSE-Eco-2.x-Radio-Steam-Disclosure.html
- https://www.sound4.com/
- https://www.vulncheck.com/advisories/sound-impactfirstpulseeco-x-unauthenticated-radio-stream-disclosure
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5734.php