HMS Networks Ewon Flexy
Moderate fix1 remedy
cpe:2.3:h:hms-networks:ewon_flexy:*:*:*:*:*:*:*, +1 more
Moderate fix1 remedy
- < 15.0s4
HMS Networks Ewon Products Weak Entropy in Authentication Cookies Vulnerability
Vulnerability
Patched
A vulnerability exists in HMS Networks Ewon Flexy and Cosy+ products due to weak entropy in authentication cookies. This issue is present in Ewon Flexy with firmware prior to 15.0s4, and in Ewon Cosy+ with firmware 22.xx prior to 22.1s6, as well as those with firmware 23.xx prior to 23.0s3. The weak cookie entropy allows an attacker with a stolen session cookie to brute-force an encryption parameter and potentially discover the user's password.
Impact
Exploitation of this vulnerability could lead to unauthorized password retrieval by brute-forcing an encryption parameter, using a stolen session cookie.
Remediation
Users are advised to update their Ewon Flexy and Cosy+ devices to the latest firmware. For Flexy devices, update to version 15.0s4 or greater. For Cosy+ devices, those on 22.xx firmware should update to 22.1s6 or greater, and those on 23.xx firmware should update to 23.0s3 or greater.
Added: Mar 13, 2026, 7:58 PM
Updated: Mar 13, 2026, 7:58 PM
Vulnerability Rating
Custom Algorithm
spread
4.5impact
2.5exploitability
4.3remediation
7.7relevance
3.8threat
0.0urgency
2.9incentive
0.0Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.