9.1
CVE-2024-33897
- EPSS 0.53%
- Veröffentlicht 06.08.2024 14:16:03
- Zuletzt bearbeitet 21.11.2024 09:17:41
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginA compromised HMS Networks Cosy+ device could be used to request a Certificate Signing Request from Talk2m for another device, resulting in an availability issue. The issue was patched on the Talk2m production server on April 18, 2024.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Hms-networks ≫ Ewon Cosy+ Firmware Version >= 21.0s0 < 21.2s10
Hms-networks ≫ Ewon Cosy+ 4g Apac Version-
Hms-networks ≫ Ewon Cosy+ 4g Eu Version-
Hms-networks ≫ Ewon Cosy+ 4g Jp Version-
Hms-networks ≫ Ewon Cosy+ 4g Na Version-
Hms-networks ≫ Ewon Cosy+ Ethernet Version-
Hms-networks ≫ Ewon Cosy+ Wifi Version-
Hms-networks ≫ Ewon Cosy+ 4g Eu Version-
Hms-networks ≫ Ewon Cosy+ 4g Jp Version-
Hms-networks ≫ Ewon Cosy+ 4g Na Version-
Hms-networks ≫ Ewon Cosy+ Ethernet Version-
Hms-networks ≫ Ewon Cosy+ Wifi Version-
Hms-networks ≫ Ewon Cosy+ Firmware Version >= 22.0s0 < 22.1s3
Hms-networks ≫ Ewon Cosy+ 4g Apac Version-
Hms-networks ≫ Ewon Cosy+ 4g Eu Version-
Hms-networks ≫ Ewon Cosy+ 4g Jp Version-
Hms-networks ≫ Ewon Cosy+ 4g Na Version-
Hms-networks ≫ Ewon Cosy+ Ethernet Version-
Hms-networks ≫ Ewon Cosy+ Wifi Version-
Hms-networks ≫ Ewon Cosy+ 4g Eu Version-
Hms-networks ≫ Ewon Cosy+ 4g Jp Version-
Hms-networks ≫ Ewon Cosy+ 4g Na Version-
Hms-networks ≫ Ewon Cosy+ Ethernet Version-
Hms-networks ≫ Ewon Cosy+ Wifi Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.53% | 0.665 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.1 | 3.9 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.1 | 3.9 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
|
CWE-425 Direct Request ('Forced Browsing')
The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.