Ewon Cosy+ Firmware Security Vulnerabilities and Issues — Ewon Cosy+ Firmware CVE List

Lucene search

Hms-networksEwon Cosy+ Firmware

6 matches found

CVE•added 2024/08/02 6:16 p.m.•27 views

CVE-2024-33896

Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are vulnerable to code injection due to improper parameter blacklisting. This is fixed in version 21.2s10 and 22.1s3.

7.2CVSS7.1AI score0.07059EPSS

CVE•added 2024/08/02 6:16 p.m.•25 views

CVE-2024-33895

Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 use a unique key to encrypt the configuration parameters. This is fixed in version 21.2s10 and 22.1s3, the key is now unique per device.

6.6CVSS7.2AI score0.00076EPSS

CVE•added 2024/08/06 2:16 p.m.•24 views

CVE-2024-33897

A compromised HMS Networks Cosy+ device could be used to request a Certificate Signing Request from Talk2m for another device, resulting in an availability issue. The issue was patched on the Talk2m production server on April 18, 2024.

9.1CVSS7AI score0.00398EPSS

CVE•added 2024/08/02 6:16 p.m.•22 views

CVE-2024-33893

Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are vulnerable to XSS when displaying the logs due to improper input sanitization. This is fixed in version 21.2s10 and 22.1s3.

6.1CVSS6.3AI score0.00215EPSS

CVE•added 2024/08/02 6:16 p.m.•18 views

CVE-2024-33892

Insecure Permissions vulnerability in Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are susceptible to leaking information through cookies. This is fixed in version 21.2s10 and 22.1s3

7.5CVSS6.9AI score0.00091EPSS

CVE•added 2024/08/02 6:16 p.m.•17 views

CVE-2024-33894

Insecure Permission vulnerability in Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are executing several processes with elevated privileges.

8.8CVSS7.3AI score0.00373EPSS