Hillstone Networks

'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>

RULE（RULE ID：339535）

Rule General Information


Release Date:		2025-10-21

Rule Name:		Dahua ICC push Remote Command Execution Vulnerability

Severity:

CVE ID:

Rule Protection Details


Description:		Zhejiang Dahua Technology Co., Ltd. is a global leading provider of video-centric smart IoT solutions. A remote command execution vulnerability exists in the push interface of the Dahua ICC Intelligent IoT Integrated Management Platform. Attackers can exploit this flaw by sending specially crafted requests to execute arbitrary system commands. The vulnerability lies in the push interface, where insufficient parameter validation allows attackers to inject malicious commands and gain server-side execution privileges, potentially leading to complete control of the affected system.

Impact:		An attacker can execute arbitrary command via a successful exploit in the context of the vulnerable software.

Affected OS:		Windows, Linux, Others

Reference:

Solutions

Please contact the software vendor to update the software patch.