Design/Logic Flaw

2019-07-1020:15:00

PRIOn knowledge base

www.prio-n.com

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.0%

JSON

In Hunesion i-oneNet version 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, due to the lack of update file integrity checking in the upgrade process, an attacker can craft malicious file and use it as an update.

CPENameOperatorVersion
i-onenetge4.0.4
i-onenetle4.0.16
i-onenetge3.0.7
i-onenetle3.0.53

Name	Operator	Version
i-onenet	ge	4.0.4
i-onenet	le	4.0.16
i-onenet	ge	3.0.7
i-onenet	le	3.0.53

References

www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35073