CVE-2017-16900: Hunesion i-oneNet Incorrect Access Control
I. VULNERABILITY
Incorrect Access Control in Hunesion i-oneNet 3.0.6042.1200 allows the local user to access other user's information which is unauthorized via brute force.
II. CVE REFERENCE
III. VENDOR
Hunesion (http://www.hunesion.com/?page_id=2240)
IV. TIMELINE
20/11/17 - Vulnerability discovered
V. DESCRIPTION
Hunesion i-oneNet uses HTTP protocol when transfer file between user PCs in a separated network environment. Local user can access other user's file transfer log including transfer date, name and contents via brute forcing their user identifier number.