VYPR

Cosy

by Ewon

CVEs (3)

  • CVE-2024-33895MedAug 2, 2024
    risk 0.43cvss 6.6epss 0.01

    Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 use a unique key to encrypt the configuration parameters. This is fixed in version 21.2s10 and 22.1s3, the key is now unique per device.

  • CVE-2020-10633MedApr 8, 2020
    risk 0.40cvss 6.1epss 0.01

    A non-persistent XSS (cross-site scripting) vulnerability exists in eWON Flexy and Cosy (all firmware versions prior to 14.1s0). An attacker could send a specially crafted URL to initiate a password change for the device. The target must introduce the credentials to the gateway…

  • CVE-2020-16230LowSep 18, 2020
    risk 0.15cvss 2.3epss 0.00

    All version of Ewon Flexy and Cosy prior to 14.1 use wildcards such as (*) under which domains can request resources. An attacker with local access and high privileges could inject scripts into the Cross-origin Resource Sharing (CORS) configuration that could abuse this…