CVE-2024-33896

Name of the Vulnerable Software and Affected Versions Cosy+ versions 21.x below 21.2s10 Cosy+ versions 22.x below 22.1s3

Description The issue is related to code injection due to improper parameter blacklisting. This can be exploited with local network access. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations For Cosy+ versions 21.x below 21.2s10, update to version 21.2s10 to resolve the issue. For Cosy+ versions 22.x below 22.1s3, update to version 22.1s3 to resolve the issue. As a temporary workaround, consider restricting access to the device until a patch is applied.