Hunesion: >> I-Onenet >> 4.0.4 Security Vulnerabilities
In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, the specific upload web module doesn't verify the file extension and type, and an attacker can upload a webshell. After the webshell upload, an attacker can use the webshell to perform remote code exection such as running a system command.
CVSS Score
8.8
EPSS Score
0.004
Published
2019-07-10
In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, due to the lack of update file integrity checking in the upgrade process, an attacker can craft malicious file and use it as an update.
CVSS Score
7.8
EPSS Score
0.001
Published
2019-07-10