CVE-2024-33896 – CVE-2024-33896 is a code injection vulnerabilit... (How to Fix)

Q: What is the severity of CVE-2024-33896?

CVE-2024-33896 has a CVSS score of 7.2 (HIGH). CVE-2024-33896 is a code injection vulnerability in Cosy+ industrial remote access gateways that allows attackers to execute arbitrary commands on affected devices. This affects organizations using Cosy+ devices with vulnerable firmware versions, potentially compromising industrial control systems and operational technology networks.

📋 TL;DR

CVE-2024-33896 is a code injection vulnerability in Cosy+ industrial remote access gateways that allows attackers to execute arbitrary commands on affected devices. This affects organizations using Cosy+ devices with vulnerable firmware versions, potentially compromising industrial control systems and operational technology networks.

💻 Affected Systems

Products:

Ewon Cosy+ industrial remote access gateways

Versions: Firmware 21.x below 21.2s10 and firmware 22.x below 22.1s3

Operating Systems: Embedded Linux-based firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects all Cosy+ devices with vulnerable firmware regardless of configuration. Industrial environments with these devices in production are at risk.

📦 What is this software?

Ewon Cosy\+ Firmware by Hms Networks

View all CVEs affecting Ewon Cosy\+ Firmware →

Ewon Cosy\+ Firmware by Hms Networks

View all CVEs affecting Ewon Cosy\+ Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device takeover leading to industrial process disruption, data exfiltration, lateral movement into OT networks, and physical safety risks in critical infrastructure.

🟠

Likely Case

Unauthorized access to device configuration, credential theft, network reconnaissance, and potential ransomware deployment in industrial environments.

🟢

If Mitigated

Limited impact with proper network segmentation, but still potential for device compromise if perimeter defenses are breached.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Detailed exploit techniques published in security advisories and blog posts. Attack requires network access to vulnerable device.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 21.2s10 for 21.x branch, 22.1s3 for 22.x branch

Vendor Advisory: https://hmsnetworks.blob.core.windows.net/nlw/docs/default-source/products/cybersecurity/security-advisory/hms-security-advisory-2024-07-29-001--ewon-several-cosy--vulnerabilities.pdf

Restart Required: Yes

Instructions:

1. Download latest firmware from HMS Networks/Ewon portal. 2. Backup device configuration. 3. Upload firmware via web interface. 4. Apply update. 5. Reboot device. 6. Verify firmware version.

🔧 Temporary Workarounds

Network segmentation and access control

all

Isolate Cosy+ devices in dedicated network segments with strict firewall rules

Disable unnecessary services

all

Turn off unused network services and interfaces on Cosy+ devices

🧯 If You Can't Patch

Implement strict network access controls allowing only authorized IP addresses
Monitor network traffic to/from Cosy+ devices for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check firmware version via web interface: Login > System > About. Compare version against vulnerable ranges.

Check Version:

Web interface navigation or check device documentation for CLI access methods

Verify Fix Applied:

Confirm firmware version shows 21.2s10 or higher for 21.x branch, or 22.1s3 or higher for 22.x branch

📡 Detection & Monitoring

Log Indicators:

Unusual authentication attempts
Unexpected configuration changes
Command execution logs showing suspicious patterns

Network Indicators:

Unexpected outbound connections from Cosy+ devices
Traffic to known malicious IPs
Anomalous protocol usage

SIEM Query:

source="cosy+*" AND (event_type="command_execution" OR event_type="configuration_change") | stats count by src_ip, user

📊 Metadata

CVE ID: CVE-2024-33896

CVSS v3 Score: 7.2 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-78

Published: August 2, 2024

Last Updated: November 4, 2025

🔗 References

https://blog.syss.com/posts/hacking-a-secure-industrial-remote-access-gateway/ Exploit,Third Party Advisory
https://hmsnetworks.blob.core.windows.net/nlw/docs/default-source/products/cybersecurity/security-advisory/hms-security-advisory-2024-07-29-001--ewon-several-cosy--vulnerabilities.pdf Vendor Advisory
https://www.ewon.biz/products/cosy/ewon-cosy-wifi Product
https://www.hms-networks.com/cyber-security Vendor Advisory
http://seclists.org/fulldisclosure/2024/Aug/21

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-33896, you might also want to check these: