Vulnerability key information

Vulnerability name: SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Unauthenticated Radio Stream Disclosure
Severity: Medium
Date: December 30, 2025

Affected versions:
- Impact/Pulse/First Version 2: 1.1/2.15
- Impact/Pulse/Eco 1.16
- BigVoice4 1.2
- BigVoice2 1.30
- Finstream 1.1/2.4.29
- PVM2 1.11

CVE ID: CVE-2022-50790
CWE ID: CWE-306 Missing Authentication for Critical Function
CVSS score: 6.9
CVSS 4.0 vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

References:
- Zero Science Lab Disclosure (ZSL-2022-5734)
- Packet Storm Security Exploit Details
- IBM X-Force Vulnerability Exchange Entry
- SOUND4 Product Homepage

Discovered by: LiquidWorm as Gjoko Krstic of Zero Science Lab

Vulnerability description:
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated information disclosure vulnerability that allows remote attackers to access live radio stream information through webplaylist or ffmpeg scripts. Attackers can exploit the vulnerability by calling specific web lists to disclose radio stream details without authentication.