VYPR

FLEXY 202

by Ewon

CVEs (3)

  • CVE-2024-7755HigOct 17, 2024
    risk 0.53cvss 8.2epss 0.00

    The EWON FLEXY 202 transmits credentials using a weak encoding method base64. An attacker who is present in the network can sniff the traffic and decode the credentials.

  • CVE-2020-16230Sep 18, 2020
    risk 0.00cvss epss 0.00

    All version of Ewon Flexy and Cosy prior to 14.1 use wildcards such as (*) under which domains can request resources. An attacker with local access and high privileges could inject scripts into the Cross-origin Resource Sharing (CORS) configuration that could abuse this…

  • CVE-2020-10633Apr 8, 2020
    risk 0.00cvss epss 0.01

    A non-persistent XSS (cross-site scripting) vulnerability exists in eWON Flexy and Cosy (all firmware versions prior to 14.1s0). An attacker could send a specially crafted URL to initiate a password change for the device. The target must introduce the credentials to the gateway…