Primary

Context

HMS Networks Ewon Devices Denial-of-Service Vulnerability

Vulnerability

Patched

A denial-of-service vulnerability has been identified in HMS Networks Ewon Flexy and Cosy+ devices, allowing unauthenticated attackers to cause a device reboot. This issue is present in Ewon Flexy with firmware prior to 15.0s4, and in Ewon Cosy+ with firmware 22.xx prior to 22.1s6 and 23.xx prior to 23.0s3. The vulnerability can be exploited by sending a specially crafted HTTP request to the device's graphical user interface (GUI).

Impact

Exploitation of this vulnerability leads to a denial-of-service condition by causing the device to reboot.

Remediation

Users are advised to update Ewon Flexy devices to firmware 15.0s4 or greater, and Ewon Cosy+ devices to firmware 22.1s6 or greater, or 23.0s3 or greater, depending on their current version.

Added: Mar 13, 2026, 7:56 PM

Updated: Mar 13, 2026, 7:56 PM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

2.5

exploitability

7.0

remediation

7.7

relevance

4.2

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

2.5

exploitability

7.0

remediation

7.7

relevance

4.2

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

HMS Networks Ewon Devices Denial-of-Service Vulnerability

Vulnerability

Impact

Remediation

Affected Products

HMS Networks Ewon Flexy

HMS Networks Ewon Cosy+

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating