CVE-2024-33892

Published Aug 2, 2024

Last updated 2 months ago

CVSS high 7.5

Overview

Description: Insecure Permissions vulnerability in Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are susceptible to leaking information through cookies. This is fixed in version 21.2s10 and 22.1s3
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

Weaknesses

nvd@nist.gov: CWE-312
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-281

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:hms-networks:ewon_cosy\\+_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "04E2B00A-5F5D-455D-84DA-4ABFA82A1863",
            "versionEndExcluding": "21.2s10",
            "versionStartIncluding": "21.0s0"
          },
          {
            "criteria": "cpe:2.3:o:hms-networks:ewon_cosy\\+_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1873C613-5DB5-4BFB-A538-860E1BF6555B",
            "versionEndExcluding": "22.1s3",
            "versionStartIncluding": "22.0s0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:hms-networks:ewon_cosy\\+_4g_apac:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "26AE4359-63AD-4451-AACD-D621B9D422C7"
          },
          {
            "criteria": "cpe:2.3:h:hms-networks:ewon_cosy\\+_4g_eu:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "95A7AEB3-53A0-4B77-8DFB-8E92E4B24462"
          },
          {
            "criteria": "cpe:2.3:h:hms-networks:ewon_cosy\\+_4g_jp:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A0C2B08D-D645-4C04-B010-4FF85642F7B5"
          },
          {
            "criteria": "cpe:2.3:h:hms-networks:ewon_cosy\\+_4g_na:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B85678D5-71F7-47EA-A21F-272BA9C02B33"
          },
          {
            "criteria": "cpe:2.3:h:hms-networks:ewon_cosy\\+_ethernet:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6F5917C5-AD12-4FB3-9DBB-D757DC053427"
          },
          {
            "criteria": "cpe:2.3:h:hms-networks:ewon_cosy\\+_wifi:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D1475F50-11AB-4290-8D1D-FFCA2245B0B3"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References