Critical Vulnerability Information Vulnerability Details Name: SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Hardcoded Credentials Authentication Bypass Severity: Critical Date: December 30, 2025 CVE ID: CVE-2022-50696 Affected Versions Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/Eco 1.16 BigVoice4 1.2 BigVoice2 1.30 Enterprise Client/Stream 1.1/2.4.29 VM2 1.11 CVSS Score CVSS: 9.3 CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Related Links Zero Science Lab Disclosure (ZSL-2022-5729) Packet Storm Security Exploit Details IBM X-Force Vulnerability Exchange Entry SOUND4 Product Homepage Vulnerability Description SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and earlier contain hardcoded credentials embedded within the server binary, which cannot be modified through normal device operations. Attackers can exploit these static credentials to gain unauthorized access to the device without user interaction, affecting both Linux and Windows distributions. Discoverer LiquidWorm as Gjoko Krstic of Zero Science Lab