Vulnerabilities > HMS Networks > Ewon Cosy Firmware > 21.2s3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-06 | CVE-2024-33897 | Forced Browsing vulnerability in Hms-Networks Ewon Cosy+ Firmware A compromised HMS Networks Cosy+ device could be used to request a Certificate Signing Request from Talk2m for another device, resulting in an availability issue. | 9.1 |
| 2024-08-02 | CVE-2024-33892 | Cleartext Storage of Sensitive Information vulnerability in Hms-Networks Ewon Cosy+ Firmware Insecure Permissions vulnerability in Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are susceptible to leaking information through cookies. | 7.5 |
| 2024-08-02 | CVE-2024-33893 | Cross-site Scripting vulnerability in Hms-Networks Ewon Cosy+ Firmware Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are vulnerable to XSS when displaying the logs due to improper input sanitization. | 6.1 |
| 2024-08-02 | CVE-2024-33895 | Use of Hard-coded Credentials vulnerability in Hms-Networks Ewon Cosy+ Firmware Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 use a unique key to encrypt the configuration parameters. | 6.6 |
| 2024-08-02 | CVE-2024-33896 | OS Command Injection vulnerability in Hms-Networks Ewon Cosy+ Firmware Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are vulnerable to code injection due to improper parameter blacklisting. | 7.2 |