PT-2019-12954 · Hunesion · Hunesion I-Onenet
Published
2019-07-10
·
Updated
2023-02-28
·
CVE-2019-12804
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Hunesion i-oneNet versions 3.0.7 through 3.0.53
Hunesion i-oneNet versions 4.0.4 through 4.0.16
Description
The issue arises from the lack of update file integrity checking in the upgrade process, allowing an attacker to craft a malicious file and use it as an update.
Recommendations
For versions 3.0.7 through 3.0.53, update to a version that includes file integrity checking in the upgrade process.
For versions 4.0.4 through 4.0.16, update to a version that includes file integrity checking in the upgrade process.
Fix
Insufficient Verification of Data Authenticity
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Hunesion I-Onenet