CVE-2019-12804 HIGH

CVE-2019-12804: Hunesion i-oneNet Missing Support for Integrity Check vulnerability

Vendor Hunesion
Product i-oneNet
Weakness CWE-353
Published July 10, 2019
Last update August 4, 2024

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, due to the lack of update file integrity checking in the upgrade process, an attacker can craft malicious file and use it as an update.

Key dates

02Disclosure timeline

July 10, 2019 CVE published
August 4, 2024 Record updated