
Security Advisory Detail
CVE-2019-12803, CVE-2019-12804 | i-oneNet Multiple vulnerabilities
2019.07.09

□ Overview

o Hunesion has released security updates to address multiple vulnerabilities in the i-oneNet (inter-network data transmission) solution.
 

| Vulnerability Type | Impact | Severity | CVE ID |
|---|---|---|---|
| Unrestricted file upload | Malicious file upload | High | CVE-2019-12803 |
| Authentication Issues | Malicious file execution | High | CVE-2019-12804 |

 

□ Description

o (CVE-2019-12803) A specific upload web module does not verify the file extension or type, so an attacker can upload a webshell. After uploading the webshell, the attacker can use it to perform remote code execution, such as running system commands.

o (CVE-2019-12804) Because the upgrade process does not check the integrity of update files, an attacker can craft a malicious file and use it as an update.
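
The check missing in CVE-2019-12803 (verifying both the extension and the type of an uploaded file) can be sketched as follows. This is an added example, not Hunesion's code or patch; the allowlist, the script-extension list, the function names and the sample bytes are assumptions made for illustration.

```python
import os
import secrets

# Assumed allowlist for illustration: extension -> accepted leading signatures.
ALLOWED = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".pdf": (b"%PDF-",),
}
# Extensions a web or application server may execute (assumed list).
SCRIPT_EXTS = {".jsp", ".jspx", ".php", ".asp", ".aspx", ".cgi", ".sh"}

class UploadRejected(Exception):
    """Raised when an upload fails the extension or type check."""

def validate_upload(filename: str, data: bytes) -> str:
    """Return a server-generated storage name, or raise UploadRejected."""
    base = os.path.basename(filename.replace("\\", "/"))
    if base != filename or "\x00" in base:
        raise UploadRejected("path component or NUL byte in file name")
    parts = base.lower().split(".")
    if len(parts) < 2 or not parts[0]:
        raise UploadRejected("missing name or extension")
    # Check every dotted segment, so a name like "report.jsp.png" is rejected.
    if any("." + p in SCRIPT_EXTS for p in parts[1:]):
        raise UploadRejected("script extension in file name")
    ext = "." + parts[-1]
    magics = ALLOWED.get(ext)
    if magics is None:
        raise UploadRejected(f"extension {ext!r} is not on the allowlist")
    # Type check: content must begin with the signature for that extension.
    if not any(data.startswith(m) for m in magics):
        raise UploadRejected("content does not match the declared type")
    # Never reuse the client-supplied name on disk.
    return secrets.token_hex(16) + ext

def is_accepted(filename: str, data: bytes) -> bool:
    try:
        validate_upload(filename, data)
        return True
    except UploadRejected:
        return False

# Constructed sample inputs (not taken from the advisory).
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SCRIPT_SAMPLE = b"<% /* constructed placeholder */ %>"
```

A leading-signature check can be satisfied by a file that is valid in two formats, so uploads should also be stored outside the web root or in a directory where the server does not execute scripts.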

 

□ Affected Product

| Product | Version |
|---|---|
| i-oneNet | 3.0.7 ~ 3.0.53, 4.0.4 ~ 4.0.16 |

 

□ Solution

o Update to the patched release version (V3.0 => 3.0.54, V4.0 => 4.0.17)

 

□ Reference site

http://www.hunesion.com/

 

□ Credit

KrCERT/CC