Critical Vulnerability Information

Vulnerability Title: SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x (dns.php) Conditional Command Injection
Advisory ID: ZSL-2022-5733
Type: Local/Remote
Impact: System Access, DoS
Risk: 4/5
Release Date: 14.12.2022

Vulnerability Description

This vulnerability allows an authenticated local user to create a file in the /tmp directory containing malicious commands. The filename must end with .dns.pid, and the commands within the file can only be executed once by an externally authenticated attacker. By invoking the vulnerable script and sending a single HTTP POST request, an attacker can gain command execution privileges on the system. After the request is sent, the file containing the malicious command is deleted.

Affected Versions

FM/HD Radio Processing:
- Impact/Pulse/First (Version 2: 1.1/2.15)
- Impact/Pulse/First (Version 1: 2.1/1.69)
- Impact/Pulse Eco 1.16

Voice Processing:
- BigVoice4 1.2
- BigVoice2 1.30

Web-Audio Streaming:
- Stream 1.1/2.4.29

Watermarking:
- WM2 (Kantar Media) 1.11

Test Environment

Apache/2.4.25 (Unix)
OpenSSL/1.0.2k
PHP/7.1.1
GNU/Linux 5.10.43 (armv7l)
GNU/Linux 4.9.228 (armv7l)

Vendor Status

[26.09.2022] - Vulnerability discovered
[30.09.2022] - Vendor notified
[13.12.2022] - No response from vendor
[14.12.2022] - Public security advisory released

PoC File

sound4_dns_cmdinj.txt
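
Added example (not part of the advisory and not vendor code): a POSIX shell audit for the precondition described under Vulnerability Description, flagging files whose names end with .dns.pid but whose content is not a PID. It assumes a legitimate PID file holds a single decimal process ID; the function names classify_pidfile and audit_dir and the script name are hypothetical.

```sh
#!/bin/sh
# Added example, not vendor code. Usage: sh audit_dns_pid.sh /tmp
# Assumption: a legitimate PID file holds one decimal process ID and nothing else.

# classify_pidfile FILE -> prints "ok" or "suspicious: <reason>"
classify_pidfile() {
    p=$1
    # A symlink can point the reader at content placed elsewhere.
    if [ -L "$p" ]; then echo "suspicious: symlink"; return 0; fi
    if [ ! -f "$p" ]; then echo "suspicious: not a regular file"; return 0; fi
    # A PID needs only a few bytes; anything larger is not a PID file.
    size=$(wc -c < "$p" | tr -d ' ')
    if [ "$size" -gt 16 ]; then echo "suspicious: $size bytes"; return 0; fi
    content=$(cat "$p")
    case $content in
        ''|*[!0-9]*) echo "suspicious: non-numeric content" ;;
        *)           echo "ok" ;;
    esac
}

# audit_dir DIR -> one line per suspicious *.dns.pid file, with its owner
audit_dir() {
    dir=$1
    # Three patterns so that dotfiles ending in .dns.pid are covered too.
    for f in "$dir"/*.dns.pid "$dir"/.*.dns.pid "$dir"/.dns.pid; do
        # Skip patterns that matched nothing (they stay literal).
        [ -e "$f" ] || [ -L "$f" ] || continue
        verdict=$(classify_pidfile "$f")
        [ "$verdict" = "ok" ] && continue
        # The owner shows which local account created the file.
        owner=$(ls -ld "$f" | awk '{print $3}')
        echo "$f owner=$owner $verdict"
    done
    return 0
}

if [ "$#" -gt 0 ]; then audit_dir "$1"; fi
```

Because the advisory states the file is deleted after the POST request is handled, a periodic scan only catches files that are staged but not yet triggered; pairing it with web server logs of POST requests to dns.php covers the other half.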