Skip to main content

Ewon Cosy Firmware

8 CVEs product

Monthly

CVE-2024-33897 CRITICAL POC Act Now

A compromised HMS Networks Cosy+ device could be used to request a Certificate Signing Request from Talk2m for another device, resulting in an availability issue. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ewon Cosy Firmware
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2024-33896 HIGH POC This Week

Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are vulnerable to code injection due to improper parameter blacklisting. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ewon Cosy Firmware
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
4.0%
CVE-2024-33895 MEDIUM POC This Month

Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 use a unique key to encrypt the configuration parameters. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ewon Cosy Firmware
NVD
CVSS 3.1
6.6
EPSS
0.5%
CVE-2024-33894 HIGH POC This Week

Insecure Permission vulnerability in Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are executing several processes with elevated privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Ewon Cosy Firmware
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-33893 MEDIUM POC This Month

Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are vulnerable to XSS when displaying the logs due to improper input sanitization. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ewon Cosy Firmware
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2024-33892 HIGH POC This Week

Insecure Permissions vulnerability in Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are susceptible to leaking information through cookies. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ewon Cosy Firmware
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2020-16230 LOW Monitor

All version of Ewon Flexy and Cosy prior to 14.1 use wildcards such as (*) under which domains can request resources. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Ewon Flexy Firmware Ewon Cosy Firmware
NVD
CVSS 3.1
2.3
EPSS
0.3%
CVE-2020-10633 MEDIUM This Month

A non-persistent XSS (cross-site scripting) vulnerability exists in eWON Flexy and Cosy (all firmware versions prior to 14.1s0). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ewon Flexy Firmware Ewon Cosy Firmware
NVD
CVSS 3.1
6.1
EPSS
0.7%
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

A compromised HMS Networks Cosy+ device could be used to request a Certificate Signing Request from Talk2m for another device, resulting in an availability issue. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ewon Cosy Firmware
NVD
EPSS 4% CVSS 7.2
HIGH POC This Week

Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are vulnerable to code injection due to improper parameter blacklisting. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ewon Cosy Firmware
NVD Exploit-DB
EPSS 1% CVSS 6.6
MEDIUM POC This Month

Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 use a unique key to encrypt the configuration parameters. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ewon Cosy Firmware
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Insecure Permission vulnerability in Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are executing several processes with elevated privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Ewon Cosy Firmware
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are vulnerable to XSS when displaying the logs due to improper input sanitization. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ewon Cosy Firmware
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

Insecure Permissions vulnerability in Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are susceptible to leaking information through cookies. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ewon Cosy Firmware
NVD
EPSS 0% CVSS 2.3
LOW Monitor

All version of Ewon Flexy and Cosy prior to 14.1 use wildcards such as (*) under which domains can request resources. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Ewon Flexy Firmware Ewon Cosy Firmware
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

A non-persistent XSS (cross-site scripting) vulnerability exists in eWON Flexy and Cosy (all firmware versions prior to 14.1s0). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ewon Flexy Firmware Ewon Cosy Firmware
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy