Back to search
CVE-2020-10633
Published: Apr 8, 2020
Modified: Aug 4, 2024
PUBLISHED
Description
A non-persistent XSS (cross-site scripting) vulnerability exists in eWON Flexy and Cosy (all firmware versions prior to 14.1s0). An attacker could send a specially crafted URL to initiate a password change for the device. The target must introduce the credentials to the gateway before the attack can be successful.
| Vendor | Product | Versions |
|---|---|---|
n/a | eWON Flexy and Cosy | affected All firmware versions prior to 14.1s0 |
Weaknesses (CWE)
References
https://www.us-cert.gov/ics/advisories/icsa-20-098-03
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now