Lack of Update File Integrity Checking in Hunesion i-oneNet Allows for Malicious Update Exploitation

Lack of Update File Integrity Checking in Hunesion i-oneNet Allows for Malicious Update Exploitation

CVE-2019-12804 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, due to the lack of update file integrity checking in the upgrade process, an attacker can craft malicious file and use it as an update.

Learn more about our Web Application Penetration Testing UK.