CVE-2019-12803

Published: Jul 10, 2019Modified: Jun 17, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, the specific upload web module doesn't verify the file extension and type, and an attacker can upload a webshell. After the webshell upload, an attacker can use the webshell to perform remote code exection such as running a system command.

Affected (2)

Products: Hunesion: I Onenet

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Hunesion I Onenet	From 3.0.7 to 3.0.53
Hunesion I Onenet	From 4.0.4 to 4.0.16

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35073

Source: vuln@krcert.or.kr

Broken LinkThird Party Advisory

https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35073

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party Advisory

Timeline

No history available yet.