Hunesion: >> I-Onenet Security Vulnerabilities
Incorrect Access Control in Hunesion i-oneNet 3.0.6042.1200 allows the local user to access other user's information which is unauthorized via brute force.
CVSS Score
5.5
EPSS Score
0.001
Published
2020-02-27
In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, the specific upload web module doesn't verify the file extension and type, and an attacker can upload a webshell. After the webshell upload, an attacker can use the webshell to perform remote code exection such as running a system command.
CVSS Score
8.8
EPSS Score
0.004
Published
2019-07-10
In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, due to the lack of update file integrity checking in the upgrade process, an attacker can craft malicious file and use it as an update.
CVSS Score
7.8
EPSS Score
0.001
Published
2019-07-10