📦 Pulse Eco Firmware

This vulnerability allows unauthenticated attackers to execute arbitrary system commands on SOUND4 IMPACT/FIRST/PULSE/Eco systems by injecting shell commands through the username parameter in login sc...

This vulnerability allows unauthenticated attackers to execute arbitrary code on SOUND4 IMPACT/FIRST/PULSE/Eco systems by exploiting a path traversal flaw in the firmware upload functionality. Attacke...

SOUND4 IMPACT/FIRST/PULSE/Eco devices versions 2.x and below contain hardcoded credentials in server binaries that cannot be changed through normal operations. Attackers can use these static credentia...

This SQL injection vulnerability in SOUND4 IMPACT/FIRST/PULSE/Eco systems allows attackers to bypass authentication and potentially access sensitive database information by injecting malicious SQL cod...

This SQL injection vulnerability in SOUND4 IMPACT/FIRST/PULSE/Eco version 2.x allows attackers to bypass authentication by injecting malicious SQL code through the password parameter. Attackers can ga...

CVE-2023-53963 is an unauthenticated remote command injection vulnerability in SOUND4 IMPACT/FIRST/PULSE/Eco v2.x systems. Attackers can execute arbitrary shell commands with web server privileges by ...

This vulnerability allows unauthenticated remote attackers to send a POST request to the /usr/cgi-bin/restorefactory.cgi endpoint to trigger a factory reset on SOUND4 IMPACT/FIRST/PULSE/Eco devices. T...

This CVE describes an insecure direct object reference vulnerability in SOUND4 IMPACT/FIRST/PULSE/Eco v2.x systems that allows attackers to bypass authorization controls. By manipulating user-supplied...

This vulnerability allows remote attackers to read arbitrary files on SOUND4 IMPACT/FIRST/PULSE/Eco devices without authentication by manipulating the 'file' GET parameter. Attackers can access sensit...

This vulnerability allows authenticated attackers to execute arbitrary system commands on SOUND4 IMPACT/FIRST/PULSE/Eco systems through command injection in the www-data-handler.php script. Attackers ...

CVE-2022-50795 is a conditional command injection vulnerability in SOUND4 IMPACT/FIRST/PULSE/Eco systems up to version 2.x. Unauthenticated attackers can execute arbitrary commands via a single HTTP P...

CVE-2022-50787 is an unauthenticated stored cross-site scripting vulnerability in SOUND4 IMPACT/FIRST/PULSE/Eco software versions 2.x. Attackers can inject malicious scripts via the username parameter...

CVE-2022-50788 is an information disclosure vulnerability in SOUND4 IMPACT/FIRST/PULSE/Eco systems that allows unauthenticated attackers to access sensitive log files by directly browsing the /log dir...

This is a command injection vulnerability in SOUND4 IMPACT/FIRST/PULSE/Eco systems up to version 2.x. Local authenticated users can create malicious files in /tmp, then unauthenticated attackers can t...

This vulnerability allows unauthenticated remote attackers to access live radio stream information from SOUND4 IMPACT/FIRST/PULSE/Eco systems. Attackers can exploit specific web scripts to disclose ra...

This vulnerability allows unauthenticated attackers to execute arbitrary commands on SOUND4 IMPACT/FIRST/PULSE/Eco systems by sending a single HTTP POST request to the ping.php script. Attackers can c...

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below have insufficient session expiration, allowing attackers to reuse old session credentials. This enables session hijacking and unauthorized access t...

This vulnerability allows unauthenticated attackers to abuse network diagnostic scripts (ping.php, traceroute.php, dns.php) in SOUND4 products to launch ICMP flood attacks against arbitrary external h...

CVE-2023-53965 is an unquoted service path vulnerability in SOUND4 Server Service 4.1.102 that allows local non-privileged users to escalate privileges to LocalSystem level. Attackers can place malici...

CVE-2023-53962 is an unauthenticated directory traversal vulnerability in SOUND4 IMPACT/FIRST/PULSE/Eco v2.x that allows remote attackers to write arbitrary files to unintended system locations via cr...

This cross-site request forgery (CSRF) vulnerability in SOUND4 radio processing software allows attackers to trick authenticated administrators into performing unintended administrative actions. Attac...