RaspberryMatic unauthenticated Remote Code Execution vulnerability through HMServer File Upload.

RaspberryMatic / OCCU contains a unauthenticated remote code execution (RCE) vulnerability, caused by multiple
issues within the Java based HMIPServer.jar component. The webui allows for Firmware uploads which can be reached
through the URL `/pages/jpages/system/DeviceFirmware/addFirmware`.
This allows an unauthenticated attacker to upload a malicious .tgz archive to the server, which will be
automatically extracted without any further checks. As this entry can contain ../sequences, it is possible to
break out of the predefined temp directory and write files to other locations outside this path.

This vulnerability is commonly known as the Zip Slip vulnerability and can be used to overwrite arbitrary files
on the main filesystem. It is therefore possible to overwrite the watchdog script with a malicious payload in
`/usr/local/addons/mediola/bin/`, which will be executed every five minutes through a cron job where attackers
can gain remote code execution as root user, allowing a full system compromise.

RaspberryMatic versions