CVE-2022-50790
Unauthenticated Information Disclosure in SOUND4 Radio Stream Scripts
Publication date: 2025-12-30
Last updated on: 2025-12-30
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sound4 | eco | 2.* |
| sound4 | impact | 2.* |
| sound4 | first | 2.* |
| sound4 | pulse | 2.* |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below, where remote attackers can access live radio stream information without authentication by exploiting specific webplay or ffmpeg scripts. Essentially, attackers can call certain web scripts to disclose radio stream details without needing to log in or provide credentials.
How can this vulnerability impact me? :
The vulnerability allows unauthorized remote attackers to access live radio stream information, which could lead to information disclosure. This could potentially be used to gather sensitive streaming data or disrupt service confidentiality, impacting the privacy and security of the streaming platform.