VYPR

Cosy+

by HMS Networks

CVEs (6)

  • CVE-2024-33897CriAug 6, 2024
    risk 0.59cvss 9.1epss 0.01

    A compromised HMS Networks Cosy+ device could be used to request a Certificate Signing Request from Talk2m for another device, resulting in an availability issue. The issue was patched on the Talk2m production server on April 18, 2024.

  • CVE-2024-33894HigAug 2, 2024
    risk 0.57cvss 8.8epss 0.01

    Insecure Permission vulnerability in Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are executing several processes with elevated privileges.

  • CVE-2024-33896HigAug 2, 2024
    risk 0.50cvss 7.2epss 0.04

    Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are vulnerable to code injection due to improper parameter blacklisting. This is fixed in version 21.2s10 and 22.1s3.

  • CVE-2024-33892HigAug 2, 2024
    risk 0.49cvss 7.5epss 0.00

    Insecure Permissions vulnerability in Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are susceptible to leaking information through cookies. This is fixed in version 21.2s10 and 22.1s3

  • CVE-2024-33895MedAug 2, 2024
    risk 0.43cvss 6.6epss 0.01

    Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 use a unique key to encrypt the configuration parameters. This is fixed in version 21.2s10 and 22.1s3, the key is now unique per device.

  • CVE-2024-33893MedAug 2, 2024
    risk 0.40cvss 6.1epss 0.01

    Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are vulnerable to XSS when displaying the logs due to improper input sanitization. This is fixed in version 21.2s10 and 22.1s3.