
RULE(RULE ID:339574)

Rule General Information
Release Date: 2025-10-28
Rule Name: Smartbi Token Authentication Bypass Vulnerability
Severity:
CVE ID:
Rule Protection Details
Description: Smartbi is a business intelligence application from Smart Software that provides data integration, analysis, visualization and other functions to help users understand and use data to make decisions. The Smartbi setEngineAddress interface has a permission bypass vulnerability because the interface does not enforce authorization. An unauthorized remote attacker can use this vulnerability to obtain the administrator token, take over the admin backend with administrator permissions, and go on to achieve arbitrary code execution.
Impact: An unauthorized remote attacker can bypass authentication and gain access to the application with specially crafted requests.
Affected OS: Windows, Linux, Others
Reference:
Solutions
Refer to the announcement or patch by the vendor: https://www.smartbi.com.cn/patchinfo