'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

RULE(RULE ID:339396)

Rule General Information
Release Date: 2025-08-19
Rule Name: Acrel Intelligent Environmental Protection Cloud Platform API getmonitorrealdata SQL Injection Vulnerability
Severity:
CVE ID:
Rule Protection Details
Description: Beijing acrel Energy Management Co., Ltd. is a wholly-owned subsidiary of acrel Electric Co., LTD. The headquarters, acrel Electric Co., LTD., was established in 2003 and integrates R-D, production, sales and service. It is a high-tech joint-stock enterprise that provides energy efficiency management and power safety solutions for enterprise microgrids. There is an SQL injection vulnerability in the getmonitorrealdata interface of acrel Intelligent Environmental Protection Cloud Platform. Attackers can inject malicious SQL statements by constructing malicious request parameters, leading to database information leakage, data tampering, and even system privilege escalation, which affects the security and integrity of system data.
Impact: An attacker can inject arbitrary sql commands to view or change the database of the target by exploiting the vulnerability successfully.
Affected OS: Windows, Linux, Others
Reference:
Solutions
Please contact the software vendor to update the software patch.