Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ewon_cosy_firmware
(Hms\-Networks)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 2 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-09-18 | CVE-2020-16230 | All version of Ewon Flexy and Cosy prior to 14.1 use wildcards such as (*) under which domains can request resources. An attacker with local access and high privileges could inject scripts into the Cross-origin Resource Sharing (CORS) configuration that could abuse this vulnerability, allowing the attacker to retrieve limited confidential information through sniffing. | Ewon_cosy_firmware, Ewon_flexy_firmware | 2.3 | ||
| 2020-04-08 | CVE-2020-10633 | A non-persistent XSS (cross-site scripting) vulnerability exists in eWON Flexy and Cosy (all firmware versions prior to 14.1s0). An attacker could send a specially crafted URL to initiate a password change for the device. The target must introduce the credentials to the gateway before the attack can be successful. | Ewon_cosy_firmware, Ewon_flexy_firmware | N/A |