PT-2019-12953 · Hunesion · Hunesion I-Onenet

Published: 2019-07-10 · Updated: 2023-02-28 · CVE-2019-12803

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Hunesion i-oneNet versions 3.0.7 through 3.0.53
Hunesion i-oneNet versions 4.0.4 through 4.0.16

Description

A specific upload web module does not verify the extension and type of uploaded files, which allows an attacker to upload a webshell. Once the webshell is uploaded, the attacker can use it for remote code execution, such as running system commands.

Recommendations

For Hunesion i-oneNet versions 3.0.7 through 3.0.53 and versions 4.0.4 through 4.0.16, consider disabling the upload web module until a patch is available. As a temporary workaround, restrict access to the upload web module to minimize the risk of exploitation.
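
The missing check described above, sketched as an added example (not Hunesion's code and not part of the original advisory): a server-side validator that enforces an extension allowlist and a matching content signature before a file is stored. The allowed types, the function name `validate_upload` and the sample inputs are assumptions made for illustration.

```python
import os
import secrets

# Assumed policy for this example: the upload module only needs these types.
# Each allowed extension maps to the leading bytes a genuine file must have.
ALLOWED = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".pdf": (b"%PDF-",),
}


def validate_upload(filename, data):
    """Return a server-chosen storage name, or raise ValueError."""
    # Discard any client-supplied directory part ("/" or "\").
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    if not base or "\x00" in base:
        raise ValueError("invalid file name")
    stem, ext = os.path.splitext(base.lower())
    # Extension check: an allowlist, not a blocklist of script extensions.
    if ext not in ALLOWED:
        raise ValueError("extension not allowed")
    # Strict policy: reject names that hide a second extension in the stem.
    if "." in stem:
        raise ValueError("multiple extensions not allowed")
    # Type check: content must start with a signature for that extension.
    if not data.startswith(ALLOWED[ext]):
        raise ValueError("content does not match extension")
    # Never reuse the client name on disk; store under a random name in a
    # directory the web server does not execute scripts from.
    return secrets.token_hex(16) + ext


if __name__ == "__main__":
    # Constructed sample uploads (name, first bytes of the body).
    samples = [
        ("photo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 8),
        ("script.sh", b"#!/bin/sh\n"),
        ("script.sh.png", b"\x89PNG\r\n\x1a\n"),
        ("renamed.png", b"#!/bin/sh\n"),
    ]
    for name, body in samples:
        try:
            print(name, "->", validate_upload(name, body))
        except ValueError as err:
            print(name, "-> rejected:", err)
```

The signature check only confirms how the file begins, so the storage location and its no-execute configuration remain part of the control.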

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2019-12803

Affected Products

Hunesion I-Onenet