'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

RULE(RULE ID:339388)

Rule General Information
Release Date: 2025-08-19
Rule Name: Lenovo Cloud Disk API write Arbitrary File Upload Vulnerability
Severity:
CVE ID:
Rule Protection Details
Description: Lenovo Group is a global technology company founded in China with business operations in 180 markets. Lenovo focuses on global development, continuously develops innovative technologies, and is committed to building a more inclusive, trustworthy and sustainable digital society. It leads and empowers the transformation and reform of the intelligent new era, creating better experiences and opportunities for hundreds of millions of consumers around the world. Lenovo Cloud Disk has a vulnerability in arbitrary file upload. This vulnerability is due to the fact that the system's write interface does not effectively filter user input, allowing malicious attackers to upload arbitrary files and thereby control the target server.
Impact: Attackers can upload viruses, Trojans, WebShell, other malicious scripts or pictures containing scripts to the server, and attackers can use these files for subsequent attacks.
Affected OS: Windows, Linux, Others
Reference:
Solutions
Please contact the software vendor to update the software patch.