CVE-2019-12803

CRITICAL

Hunesion I-onenet < 3.0.53 - Unrestricted File Upload

Title source: rule
STIX 2.1

Description

In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, the specific upload web module doesn't verify the file extension and type, and an attacker can upload a webshell. After the webshell upload, an attacker can use the webshell to perform remote code exection such as running a system command.

References (1)

Core 1
Core References
Broken Link, Third Party Advisory x_refsource_confirm
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35073

Scores

CVSS v3 9.8
EPSS 0.0036
EPSS Percentile 57.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-434
Status published
Products (1)
hunesion/i-onenet 3.0.7 - 3.0.53
Published Jul 10, 2019
Tracked Since Feb 18, 2026