Vulnerabilities > HMS Networks > Ewon Cosy Firmware
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-08-06 | CVE-2024-33897 | Forced Browsing vulnerability in Hms-Networks Ewon Cosy+ Firmware: A compromised HMS Networks Cosy+ device could be used to request a Certificate Signing Request from Talk2m for another device, resulting in an availability issue. | 9.1 |
2024-08-02 | CVE-2024-33892 | Cleartext Storage of Sensitive Information vulnerability in Hms-Networks Ewon Cosy+ Firmware: Insecure Permissions vulnerability in Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are susceptible to leaking information through cookies. | 7.5 |
2024-08-02 | CVE-2024-33893 | Cross-site Scripting vulnerability in Hms-Networks Ewon Cosy+ Firmware: Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are vulnerable to XSS when displaying the logs due to improper input sanitization. | 6.1 |
2024-08-02 | CVE-2024-33895 | Use of Hard-coded Credentials vulnerability in Hms-Networks Ewon Cosy+ Firmware: Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 use a unique key to encrypt the configuration parameters. | 6.6 |
2024-08-02 | CVE-2024-33896 | OS Command Injection vulnerability in Hms-Networks Ewon Cosy+ Firmware: Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are vulnerable to code injection due to improper parameter blacklisting. | 7.2 |
2020-09-18 | CVE-2020-16230 | Unspecified vulnerability in Hms-Networks Ewon Cosy Firmware and Ewon Flexy Firmware: All versions of Ewon Flexy and Cosy prior to 14.1 use wildcards such as (*) under which domains can request resources. | 2.3 |
2020-04-08 | CVE-2020-10633 | Cross-site Scripting vulnerability in Hms-Networks Ewon Cosy Firmware and Ewon Flexy Firmware: A non-persistent XSS (cross-site scripting) vulnerability exists in eWON Flexy and Cosy (all firmware versions prior to 14.1s0). | 6.1 |