CVE-2024-33892
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD
Description
Insecure Permissions vulnerability in Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are susceptible to leaking information through cookies. This is fixed in version 21.2s10 and 22.1s3
Affected (2)
Products: Hms Networks: Ewon Cosy+ Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| From 21.0s0 to 21.2s10 |
| Running on/with | Platform Versions |
|---|---|
Hms Networks Ewon Cosy+ 4g Apac | All versions |
Hms Networks Ewon Cosy+ 4g Eu | All versions |
Hms Networks Ewon Cosy+ 4g Jp | All versions |
Hms Networks Ewon Cosy+ 4g Na | All versions |
Hms Networks Ewon Cosy+ Ethernet | All versions |
Hms Networks Ewon Cosy+ Wifi | All versions |
Related CWEs
CWE-281
Improper Preservation of Permissions
The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.
CWE-312
Cleartext Storage of Sensitive Information
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
References (5)
Source: cve@mitre.org
ExploitThird Party Advisory
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Timeline
No history available yet.