Vulnerabilities > HMS Networks > Ewon Cosy Firmware > 21.2s0

DATE CVE VULNERABILITY TITLE RISK
2024-08-06 CVE-2024-33897 Forced Browsing vulnerability in Hms-Networks Ewon Cosy+ Firmware
A compromised HMS Networks Cosy+ device could be used to request a Certificate Signing Request from Talk2m for another device, resulting in an availability issue.
network
low complexity
hms-networks CWE-425
critical
9.1
2024-08-02 CVE-2024-33892 Cleartext Storage of Sensitive Information vulnerability in Hms-Networks Ewon Cosy+ Firmware
Insecure Permissions vulnerability in Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are susceptible to leaking information through cookies.
network
low complexity
hms-networks CWE-312
7.5
2024-08-02 CVE-2024-33893 Cross-site Scripting vulnerability in Hms-Networks Ewon Cosy+ Firmware
Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are vulnerable to XSS when displaying the logs due to improper input sanitization.
network
low complexity
hms-networks CWE-79
6.1
2024-08-02 CVE-2024-33895 Use of Hard-coded Credentials vulnerability in Hms-Networks Ewon Cosy+ Firmware
Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 use a unique key to encrypt the configuration parameters.
low complexity
hms-networks CWE-798
6.6
2024-08-02 CVE-2024-33896 OS Command Injection vulnerability in Hms-Networks Ewon Cosy+ Firmware
Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are vulnerable to code injection due to improper parameter blacklisting.
network
low complexity
hms-networks CWE-78
7.2