Vulnerability Details CVE-2019-12803
In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, the specific upload web module doesn't verify the file extension and type, and an attacker can upload a webshell. After the webshell upload, an attacker can use the webshell to perform remote code exection such as running a system command.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 57.4%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 10.0
References
Products affected by CVE-2019-12803
-
cpe:2.3:a:hunesion:i-onenet:3.0.53
-
cpe:2.3:a:hunesion:i-onenet:3.0.7
-
cpe:2.3:a:hunesion:i-onenet:4.0.16
-
cpe:2.3:a:hunesion:i-onenet:4.0.4