This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login. Read the full analysis β
Q1What is this vulnerability? (Essence + Consequences)
π¨ **Essence**: OS Command Injection in Sound4 IMPACT v2.x. <br>π₯ **Consequences**: Attackers can inject malicious commands via the `password` parameter, leading to **Remote Code Execution (RCE)** on the target system.
Q2Root Cause? (CWE/Flaw)
π‘οΈ **Root Cause**: **CWE-78** (OS Command Injection). <br>π **Flaw**: The application fails to properly sanitize the `password` input before passing it to the OS, allowing command strings to be executed directly.
π **Privileges**: Likely **System/Root** level access depending on the service account. <br>π **Data**: Full control over the device, potential data exfiltration, and lateral movement within the network.
Q5Is exploitation threshold high? (Auth/Config)
π **Auth Status**: **Unauthenticated**. <br>π **Threshold**: **Low**. CVSS Vector `AV:N/AC:L/PR:N/UI:N` indicates no authentication or user interaction is needed to exploit.
Q6Is there a public Exp? (PoC/Wild Exploitation)
π£ **Public Exploit**: **Yes**. <br>π **Evidence**: ExploitDB ID **51173** is available. Zero Science Lab (ZSL-2022-5738) also disclosed details. Active exploitation is highly probable.
Q7How to self-check? (Features/Scanning)
π **Self-Check**: Scan for **Sound4 IMPACT** services on port 80/443. <br>π§ͺ **Test**: Attempt to inject shell commands (e.g., `; cat /etc/passwd`) into the `password` field of login/API endpoints.β¦
π₯ **Urgency**: **CRITICAL**. <br>π **Priority**: **Immediate Action**. Unauthenticated RCE with public exploits means active scanning and exploitation are likely occurring. Patch or isolate NOW.