Home

Description

The Sound4 PULSE-ECO AES67 1.22 web-based management interface is vulnerable to Remote Code Execution (RCE) via a malicious firmware update package. The update mechanism fails to validate the integrity of manual.sh, allowing an attacker to inject arbitrary commands by modifying this script and repackaging the firmware.

PUBLISHED Reserved 2025-08-17 | Published 2025-09-22 | Updated 2025-09-22 | Assigner mitre

References

www.sound4.com

github.com/...ulnerability-research/tree/main/CVE-2025-57431

cve.org (CVE-2025-57431)

nvd.nist.gov (CVE-2025-57431)

Download JSON