CVE-2020-10633
 
- Severity Score: 6.1 (CVSS v3.1)
- Public Exploits: 0 (Multiple Sources)
- Exploited in Wild: - (KEV)
- Decision: - (SSVC)
Descriptions
A non-persistent XSS (cross-site scripting) vulnerability exists in eWON Flexy and Cosy (all firmware versions prior to 14.1s0). An attacker could send a specially crafted URL to initiate a password change for the device. The target must introduce the credentials to the gateway before the attack can be successful.
*Credits:
N/A
Timeline
- 2020-03-16 CVE Reserved
- 2020-04-08 CVE Published
- 2024-08-04 CVE Updated
- 2024-12-17 EPSS Updated
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
References (1)
URL | Tag | Source |
---|---|---|
https://www.us-cert.gov/ics/advisories/icsa-20-098-03 | Third Party Advisory |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Hms-networks | Ewon Flexy Firmware | < 14.1s0 | - | Affected | in | Hms-networks | Ewon Flexy | - | - | Safe |
Hms-networks | Ewon Cosy Firmware | < 14.1s0 | - | Affected | in | Hms-networks | Ewon Cosy | - | - | Safe |