CVE-2024-33893

Published Aug 2, 2024

Last updated 17 days ago

CVSS medium 6.1

Overview

Description: Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are vulnerable to XSS when displaying the logs due to improper input sanitization. This is fixed in version 21.2s10 and 22.1s3.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.1
Impact score: 2.7
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-79
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:hms-networks:ewon_cosy\\+_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0D2D5C2F-AA95-47DF-BD24-8A2C355BBEC6",
            "versionEndIncluding": "21.2s10",
            "versionStartIncluding": "21.0"
          },
          {
            "criteria": "cpe:2.3:o:hms-networks:ewon_cosy\\+_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9048EBCA-4083-4C50-8499-A6FA6346AAA0",
            "versionEndIncluding": "22.1s3",
            "versionStartIncluding": "22.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:hms-networks:ewon_cosy\\+_4g_apac:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "26AE4359-63AD-4451-AACD-D621B9D422C7"
          },
          {
            "criteria": "cpe:2.3:h:hms-networks:ewon_cosy\\+_4g_eu:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "95A7AEB3-53A0-4B77-8DFB-8E92E4B24462"
          },
          {
            "criteria": "cpe:2.3:h:hms-networks:ewon_cosy\\+_4g_jp:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A0C2B08D-D645-4C04-B010-4FF85642F7B5"
          },
          {
            "criteria": "cpe:2.3:h:hms-networks:ewon_cosy\\+_4g_na:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B85678D5-71F7-47EA-A21F-272BA9C02B33"
          },
          {
            "criteria": "cpe:2.3:h:hms-networks:ewon_cosy\\+_ethernet:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6F5917C5-AD12-4FB3-9DBB-D757DC053427"
          },
          {
            "criteria": "cpe:2.3:h:hms-networks:ewon_cosy\\+_wifi:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D1475F50-11AB-4290-8D1D-FFCA2245B0B3"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References