Vulnerabilities
Misconfiguration
Compliance
CVE Vulnerabilities

CVE-2024-33892

Cleartext Storage of Sensitive Information

Published: Aug 02, 2024 | Modified: Sep 03, 2024
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
Vulnerability-free packages from our partners
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2024-33892
CWEhttps://cwe.mitre.org/data/definitions/312.html

Insecure Permissions vulnerability in Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are susceptible to leaking information through cookies. This is fixed in version 21.2s10 and 22.1s3

Weakness

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

Affected Software

Name Vendor Start Version End Version
Ewon_cosy+_firmware Hms-networks 21.0s0 (including) 21.2s10 (excluding)
Ewon_cosy+_firmware Hms-networks 22.0s0 (including) 22.1s3 (excluding)

Potential Mitigations

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2025 Aqua Security Software Ltd.   Privacy Policy | Terms of Use