CVE-2025-0432 – HMS Networks Ewon Flexy 202 Cleartext Transmission of Sensitive Information
https://notcve.org/view.php?id=CVE-2025-0432
28 Jan 2025 — EWON Flexy 202 transmits user credentials in clear text with no encryption when a user is added or user credentials are changed via its webpage. • https://hmsnetworks.blob.core.windows.net/nlw/docs/default-source/products/ewon/manuals-and-guides---installation-guides/best-practices-for-a-secure-usage-of-the-ewon-solution-en.pdf?sfvrsn=37160847_4 • CWE-319: Cleartext Transmission of Sensitive Information •
CVE-2024-9154 – Authenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-9154
19 Dec 2024 — A code injection vulnerability in HMS Networks Ewon Flexy 205 allows execution of system-level commands on the device. This issue affects Ewon Flexy 205: through 14.8s0 (#2633). Ewon Flexy 205 versions 14.8s0 (#2633) and below suffer from an authenticated remote code execution vulnerability. • https://packetstorm.news/files/id/183291 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-7755 – HMS Networks EWON FLEXY 202 Insufficiently Protected Credentials
https://notcve.org/view.php?id=CVE-2024-7755
17 Oct 2024 — The EWON FLEXY 202 transmits credentials using a weak encoding method, base64. An attacker who is present in the network can sniff the traffic and decode the credentials. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-291-04 • CWE-522: Insufficiently Protected Credentials •
CVE-2020-16230
https://notcve.org/view.php?id=CVE-2020-16230
18 Sep 2020 — All versions of Ewon Flexy and Cosy prior to 14.1 use wildcards such as (*) under which domains can request resources. An attacker with local access and high privileges could inject scripts into the Cross-origin Resource Sharing (CORS) configuration that could abuse this vulnerability, allowing the attacker to retrieve limited confidential information through sniffing. • https://us-cert.cisa.gov/ics/advisories/icsa-20-254-03 •
CVE-2020-10633
https://notcve.org/view.php?id=CVE-2020-10633
08 Apr 2020 — A non-persistent XSS (cross-site scripting) vulnerability exists in eWON Flexy and Cosy (all firmware versions prior to 14.1s0). An attacker could send a specially crafted URL to initiate a password change for the device. The target must introduce the credentials to the gateway before the attack can be successful. • https://www.us-cert.gov/ics/advisories/icsa-20-098-03 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •