CVE-2024-33895

Published Aug 2, 2024

Last updated 2 months ago

CVSS medium 6.6

Overview

Description: Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 use a unique key to encrypt the configuration parameters. This is fixed in version 21.2s10 and 22.1s3, the key is now unique per device.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.6
Impact score: 5.9
Exploitability score: 0.7
Vector string: CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-798

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:hms-networks:ewon_cosy\\+_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0D2D5C2F-AA95-47DF-BD24-8A2C355BBEC6",
            "versionEndIncluding": "21.2s10",
            "versionStartIncluding": "21.0"
          },
          {
            "criteria": "cpe:2.3:o:hms-networks:ewon_cosy\\+_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9048EBCA-4083-4C50-8499-A6FA6346AAA0",
            "versionEndIncluding": "22.1s3",
            "versionStartIncluding": "22.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:hms-networks:ewon_cosy\\+_4g_apac:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "26AE4359-63AD-4451-AACD-D621B9D422C7"
          },
          {
            "criteria": "cpe:2.3:h:hms-networks:ewon_cosy\\+_4g_eu:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "95A7AEB3-53A0-4B77-8DFB-8E92E4B24462"
          },
          {
            "criteria": "cpe:2.3:h:hms-networks:ewon_cosy\\+_4g_jp:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A0C2B08D-D645-4C04-B010-4FF85642F7B5"
          },
          {
            "criteria": "cpe:2.3:h:hms-networks:ewon_cosy\\+_4g_na:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B85678D5-71F7-47EA-A21F-272BA9C02B33"
          },
          {
            "criteria": "cpe:2.3:h:hms-networks:ewon_cosy\\+_ethernet:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6F5917C5-AD12-4FB3-9DBB-D757DC053427"
          },
          {
            "criteria": "cpe:2.3:h:hms-networks:ewon_cosy\\+_wifi:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D1475F50-11AB-4290-8D1D-FFCA2245B0B3"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References