Ewon Flexy Firmware
CVE-2020-16230
LOW
Severity by source
AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
All version of Ewon Flexy and Cosy prior to 14.1 use wildcards such as (*) under which domains can request resources. An attacker with local access and high privileges could inject scripts into the Cross-origin Resource Sharing (CORS) configuration that could abuse this vulnerability, allowing the attacker to retrieve limited confidential information through sniffing.
AnalysisAI
All version of Ewon Flexy and Cosy prior to 14.1 use wildcards such as (*) under which domains can request resources. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
All version of Ewon Flexy and Cosy prior to 14.1 use wildcards such as (*) under which domains can request resources. An attacker with local access and high privileges could inject scripts into the Cross-origin Resource Sharing (CORS) configuration that could abuse this vulnerability, allowing the attacker to retrieve limited confidential information through sniffing. Affected products include: Hms-Networks Ewon Flexy Firmware, Hms-Networks Ewon Cosy Firmware. Version information: prior to 14.1.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Ewon Flexy Firmware
View allSame technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today