Volerion logoVolerion
Volerion logoVolerion

HMS Networks Ewon Products Stack Buffer Overflow Vulnerability Leading to Denial-of-Service and Unauthenticated Remote Code Execution

Vulnerability

A stack buffer overflow vulnerability has been identified in HMS Networks Ewon Flexy and Cosy+ products, allowing for denial-of-service and unauthenticated remote code execution. This vulnerability is present in Ewon Flexy with firmware prior to 15.0s4, and in Ewon Cosy+ with firmware 22.xx prior to 22.1s6, as well as in Cosy+ versions 23.0s0 through 23.0s2. The vulnerability arises from improper handling of data, leading to a buffer overflow that can be exploited to execute code remotely without authentication, in addition to causing a denial-of-service condition by crashing the device or causing it to reboot.

Impact

Exploitation of this vulnerability causes a denial-of-service condition by crashing the device or causing it to reboot. Additionally, the stack buffer overflow can be exploited to execute code remotely on the device without authentication.

Remediation

Users are advised to update their Ewon Flexy and Cosy+ devices to the latest firmware version.

Added: Mar 13, 2026, 7:56 PM
Updated: Mar 13, 2026, 7:56 PM

Vulnerability Rating

Custom Algorithm
spread
4.5
impact
7.5
exploitability
6.4
remediation
7.9
relevance
3.8
threat
0.0
urgency
2.9
incentive
4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.