Note: This project will be discontinued after December 13, 2021.
Product: Ewon_cosy\+_firmware (Hms\-Networks)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 6 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2024-08-02 | CVE-2024-33894 | Insecure Permission vulnerability in Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are executing several processes with elevated privileges. | Ewon_cosy\+_firmware | N/A | ||
2024-08-02 | CVE-2024-33895 | Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 use a unique key to encrypt the configuration parameters. This is fixed in version 21.2s10 and 22.1s3, the key is now unique per device. | Ewon_cosy\+_firmware | 6.6 | ||
2024-08-02 | CVE-2024-33893 | Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are vulnerable to XSS when displaying the logs due to improper input sanitization. This is fixed in version 21.2s10 and 22.1s3. | Ewon_cosy\+_firmware | 6.1 | ||
2024-08-06 | CVE-2024-33897 | A compromised HMS Networks Cosy+ device could be used to request a Certificate Signing Request from Talk2m for another device, resulting in an availability issue. The issue was patched on the Talk2m production server on April 18, 2024. | Ewon_cosy\+_firmware | 9.1 | ||
2024-08-02 | CVE-2024-33892 | Insecure Permissions vulnerability in Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are susceptible to leaking information through cookies. This is fixed in version 21.2s10 and 22.1s3 | Ewon_cosy\+_firmware | 7.5 | ||
2024-08-02 | CVE-2024-33896 | Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are vulnerable to code injection due to improper parameter blacklisting. This is fixed in version 21.2s10 and 22.1s3. | Ewon_cosy\+_firmware | 7.2 | ||