Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ewon ewon firmware vulnerabilities and exploits
(subscribe to this query)
9.9
CVSSv3
CVE-2015-7926
eWON devices with firmware prior to 10.1s0 omit RBAC for I/O server information and status requests, which allows remote malicious users to obtain sensitive information via an unspecified URL.
Ewon Ewon Firmware
8.8
CVSSv3
CVE-2015-7924
eWON devices with firmware prior to 10.1s0 do not trigger the discarding of browser session data in response to a log-off action, which makes it easier for remote malicious users to obtain access by leveraging an unattended workstation.
Ewon Ewon Firmware
8.5
CVSSv3
CVE-2015-7928
eWON devices with firmware prior to 10.1s0 do not have an off autocomplete attribute for a password field, which makes it easier for remote malicious users to obtain access by leveraging an unattended workstation.
Ewon Ewon Firmware
8
CVSSv3
CVE-2015-7925
Cross-site request forgery (CSRF) vulnerability on eWON devices with firmware up to and including 10.1s0 allows remote malicious users to hijack the authentication of administrators for requests that trigger firmware upload, removal of configuration data, or a reboot.
Ewon Ewon Firmware
6.1
CVSSv3
CVE-2020-10633
A non-persistent XSS (cross-site scripting) vulnerability exists in eWON Flexy and Cosy (all firmware versions before 14.1s0). An attacker could send a specially crafted URL to initiate a password change for the device. The target must introduce the credentials to the gateway bef...
Hms-networks Ewon Flexy Firmware
Hms-networks Ewon Cosy Firmware
6.1
CVSSv3
CVE-2015-7927
Cross-site scripting (XSS) vulnerability on eWON devices with firmware up to and including 10.1s0 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Ewon Ewon Firmware
4.3
CVSSv3
CVE-2015-7929
eWON devices with firmware up to and including 10.1s0 support unspecified GET requests, which might allow remote malicious users to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.
Ewon Ewon Firmware
2.3
CVSSv3
CVE-2020-16230
All version of Ewon Flexy and Cosy before 14.1 use wildcards such as (*) under which domains can request resources. An attacker with local access and high privileges could inject scripts into the Cross-origin Resource Sharing (CORS) configuration that could abuse this vulnerabili...
Hms-networks Ewon Flexy Firmware
Hms-networks Ewon Cosy Firmware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-0044
remote code execution
CVE-2024-37080
CVE-2024-5182
CVE-2024-4390
CVE-2024-6100
brute force
CVE-2021-47581
file inclusion
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started