Volerion logoVolerion
Volerion logoVolerion

HMS Networks Ewon Flexy 202 Cleartext Transmission of User Credentials Vulnerability

Vulnerability

A vulnerability exists in the Ewon Flexy 202 device, where user credentials are transmitted in clear text without any encryption. This issue arises when users are added or when user credentials are modified through the device's web interface. The vulnerability affects all versions of the Ewon Flexy 202.

Impact

Exploitation of this vulnerability could lead to the unauthorized disclosure of sensitive user credentials.

Remediation

HMS Networks recommends integrating Ewon Flexy devices with the Talk2M Cloud for secure remote access. Users should also follow the best practices outlined in the 'Best Practices for Secure Usage of the Ewon Solution' document, available on the HMS Networks website. Additionally, unused protocols should be disabled. For more information on how to block unused Ewon services, consult the HMS support article 'How to Block Unused Ewon Flexy Cosy131 Services'.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread
4.5
impact
2.5
exploitability
6.0
remediation
7.9
relevance
0.0
threat
0.0
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.