Hms-Networks Ewon Cosy + Firmware vulnerabilities

6 known vulnerabilities affecting hms-networks/ewon_cosy_+_firmware.

Total CVEs: 6
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 3, MEDIUM 2

Vulnerabilities

CVE-2024-33896 | P3 | HIGH | CVSS 7.2 | PoC | ≥ 21.0, ≤ 21.2s10; ≥ 22.0, ≤ 22.1s3 | 2024-08-02
CWE-78: Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are vulnerable to code injection due to improper parameter blacklisting. This is fixed in version 21.2s10 and 22.1s3.
nvd
CVE-2024-33897 | P3 | CRITICAL | CVSS 9.1 | ≥ 21.0s0, < 21.2s10; ≥ 22.0s0, < 22.1s3 | 2024-08-06
CWE-425: A compromised HMS Networks Cosy+ device could be used to request a Certificate Signing Request from Talk2m for another device, resulting in an availability issue. The issue was patched on the Talk2m production server on April 18, 2024.
nvd
CVE-2024-33894 | P3 | HIGH | CVSS 8.8 | ≥ 21.0s0, < 21.2s10; ≥ 22.0s0, < 22.1s3 | 2024-08-02
CWE-269: Insecure Permission vulnerability in Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are executing several processes with elevated privileges.
nvd
CVE-2024-33892 | P3 | HIGH | CVSS 7.5 | ≥ 21.0s0, < 21.2s10; ≥ 22.0s0, < 22.1s3 | 2024-08-02
CWE-312: Insecure Permissions vulnerability in Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are susceptible to leaking information through cookies. This is fixed in version 21.2s10 and 22.1s3.
nvd
CVE-2024-33895 | P4 | MEDIUM | CVSS 6.6 | ≥ 21.0, ≤ 21.2s10; ≥ 22.0, ≤ 22.1s3 | 2024-08-02
CWE-798: Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 use a unique key to encrypt the configuration parameters. This is fixed in version 21.2s10 and 22.1s3; the key is now unique per device.
nvd
CVE-2024-33893 | P4 | MEDIUM | CVSS 6.1 | ≥ 21.0, ≤ 21.2s10; ≥ 22.0, ≤ 22.1s3 | 2024-08-02
CWE-79: Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are vulnerable to XSS when displaying the logs due to improper input sanitization. This is fixed in version 21.2s10 and 22.1s3.
nvd