SOUND4 Impact, First, Pulse, and Eco Unauthenticated Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability has been identified in SOUND4 IMPACT, FIRST, PULSE, and ECO products, versions 2.x and prior. The firmware upload functionality contains a path traversal flaw in the upload.cgi script, which lets an attacker write malicious files to the system with www-data permissions, leading to unauthorized access and code execution.
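One way to close this class of flaw on the server side, as an added example that is not SOUND4's code and not part of the original advisory: an upload handler that rejects client filenames carrying path components and verifies containment after symlink resolution. The staging directory, the extension allowlist and the function names are assumptions made for illustration.

```python
import os
from pathlib import Path

# Assumption: firmware images use these extensions (hypothetical allowlist).
ALLOWED_SUFFIXES = {".bin", ".img"}


class UploadRejected(ValueError):
    """The client-supplied filename is not safe to write."""


def resolve_upload_path(staging_dir, client_filename):
    """Return the path inside staging_dir for this filename, or raise."""
    if not client_filename or "\x00" in client_filename:
        raise UploadRejected("empty filename or embedded NUL")
    # Reject path components outright instead of silently stripping them:
    # a filename with separators is a signal worth logging, not repairing.
    if "/" in client_filename or "\\" in client_filename:
        raise UploadRejected("filename contains a path separator")
    if client_filename.startswith("."):
        raise UploadRejected("dot-file or relative path component")
    if Path(client_filename).suffix.lower() not in ALLOWED_SUFFIXES:
        raise UploadRejected("extension not on the allowlist")
    base = Path(staging_dir).resolve(strict=True)
    # resolve() follows symlinks, so a pre-planted link that points outside
    # the staging directory fails the containment check below.
    candidate = (base / client_filename).resolve()
    if candidate.parent != base:
        raise UploadRejected("resolved path escapes the staging directory")
    return candidate


def store_upload(staging_dir, client_filename, data):
    """Write data to a new file in staging_dir; never overwrite or follow links."""
    target = resolve_upload_path(staging_dir, client_filename)
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(target, flags, 0o600)  # not executable, owner-only
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return target
```

The staging directory should sit outside any path the web server serves or executes from, so that even an accepted file cannot run as www-data.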

Impact

Exploitation of this vulnerability allows for unauthenticated remote code execution on the affected system, with the executed code running under the www-data user.

Reproduction

The vulnerability can be reproduced by sending a specially crafted request to the upload.cgi script. This request must exploit the path traversal flaw to write a malicious file to a location on the system where it can be executed. The uploaded file will need to be crafted to include a payload that, when executed, provides a reverse shell or similar access back to the attacker.

Added: Dec 30, 2025, 11:37 PM
Updated: Dec 30, 2025, 11:37 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 8.7
remediation: 0.0
relevance: 1.7
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.