Description
HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have a stack buffer overflow that leads to a Denial of Service, which can also be exploited to achieve Unauthenticated Remote Code Execution.
Published: 2026-03-12
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is a stack buffer overflow (CWE-121) in HMS Networks Ewon Flexy and Cosy+ devices. The CVE description states that the overflow causes a denial of service and, if exploited, can lead to unauthenticated remote code execution. The impact is therefore loss of availability, and potential compromise of confidentiality and integrity if remote code execution is achieved. The overflow occurs during firmware processing of certain inputs, allowing an attacker to overwrite return addresses and execute arbitrary code.

Affected Systems

Affected vendors and products are HMS Networks Ewon Flexy firmware before 15.0s4, Cosy+ firmware 22.xx before 22.1s6, and Cosy+ firmware 23.xx before 23.0s3. No additional vendor-specific version information is provided beyond the firmware version ranges.

Risk and Exploitability

The severity rating is CVSS 9.8, indicating critical risk. The EPSS score is reported as less than 1%, suggesting a low probability of exploitation at this time. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the attack vector is network-based and unauthenticated: an attacker can trigger the overflow remotely without credentials.

Generated by OpenCVE AI on March 18, 2026 at 15:01 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest firmware: Ewon Flexy firmware 15.0s4 or newer; Cosy+ firmware 22.1s6 or newer for 22.xx series; Cosy+ firmware 23.0s3 or newer for 23.xx series.
  • If upgrading immediately is not possible, isolate the device from untrusted networks and restrict access to authorized IP ranges only.
  • Continuously monitor device logs for anomalous traffic or repeated failure events, and investigate any suspected exploitation attempts.

Advisories

No advisories yet.

History

Fri, 20 Mar 2026 15:45:00 +0000

  Type: Title
  Values Added: Stack Buffer Overflow in HMS Networks Ewon Flexy and Cosy+ Firmware Enabling Remote Code Execution

Fri, 13 Mar 2026 17:15:00 +0000

  Type: Metrics
  Values Removed:
    cvssV3_1 {'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}
    ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}
  Values Added:
    cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}
    ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 13 Mar 2026 16:15:00 +0000

  Type: Metrics
  Values Removed:
    cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}
    ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}
  Values Added:
    cvssV3_1 {'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}
    ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 13 Mar 2026 13:15:00 +0000

  Type: Weaknesses
  Values Added: CWE-121

  Type: Metrics
  Values Added:
    cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}
    ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 13 Mar 2026 10:00:00 +0000

  Type: First Time appeared
  Values Added:
    Hms-networks
    Hms-networks ewon Cosy
    Hms-networks ewon Flexy

  Type: Vendors & Products
  Values Added:
    Hms-networks
    Hms-networks ewon Cosy
    Hms-networks ewon Flexy

Thu, 12 Mar 2026 21:45:00 +0000

  Type: Description
  Values Added: HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have a stack buffer overflow that leads to a Denial of Service, which can also be exploited to achieve Unauthenticated Remote Code Execution.

  Type: References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-13T16:03:42.853Z

Reserved: 2026-02-06T00:00:00.000Z

Link: CVE-2026-25823

Vulnrichment

Updated: 2026-03-13T13:01:47.641Z

NVD

Status: Awaiting Analysis

Published: 2026-03-13T19:54:27.790

Modified: 2026-03-16T14:54:11.293

Link: CVE-2026-25823

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-20T15:36:30Z

Weaknesses