← Back

Ewon Flexy Firmware

ewon_flexy_firmware

Vendor: Hms Networks • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-16230
1Hms Networks
2Ewon Cosy Firmware
Ewon Flexy Firmware
Nov 21, 2024
Sep 18, 2020
N/A· v4
2.3 LOW· v3
2.1 LOW· v2
All version of Ewon Flexy and Cosy prior to 14.1 use wildcards such as (*) under which domains can request resources. An attacker with local access and high privileges could inject scripts into the Cross-origin Resource...Show more
All version of Ewon Flexy and Cosy prior to 14.1 use wildcards such as (*) under which domains can request resources. An attacker with local access and high privileges could inject scripts into the Cross-origin Resource Sharing (CORS) configuration that could abuse this vulnerability, allowing the attacker to retrieve limited confidential information through sniffing.Show less
CVE-2020-10633
1Hms Networks
2Ewon Cosy Firmware
Ewon Flexy Firmware
Nov 21, 2024
Apr 8, 2020
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
A non-persistent XSS (cross-site scripting) vulnerability exists in eWON Flexy and Cosy (all firmware versions prior to 14.1s0). An attacker could send a specially crafted URL to initiate a password change for the device...Show more
A non-persistent XSS (cross-site scripting) vulnerability exists in eWON Flexy and Cosy (all firmware versions prior to 14.1s0). An attacker could send a specially crafted URL to initiate a password change for the device. The target must introduce the credentials to the gateway before the attack can be successful.Show less