Hillstone Networks

'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>

RULE（RULE ID：339576）

Rule General Information


Release Date:		2025-10-28

Rule Name:		Yonyou Ufida smartweb2.RPC.d XXE Vulnerability

Severity:

CVE ID:

Rule Protection Details


Description:		Yonyou Ufida, developed by Yonyou Network Technology Co., Ltd., is an Enterprise Resource Planning (ERP) software that provides enterprises with information-based solutions for core business processes such as financial management, supply chain management, and manufacturing, aiming to optimize enterprise management and enhance operational efficiency. The ELTextFile.load.d interface of Yonyou Ufida has a vulnerability that allows arbitrary file reading. There is an XML external entity injection vulnerability in the Ufida smartweb2.RPC.d interface of Yonyou U8, which allows attackers to obtain sensitive file information, add malicious content, and attack XML processors containing defects through vulnerable code.

Impact:		An attacker could exploit this vulnerability to have unspecified effect.

Affected OS:		Windows, Linux, Others

Reference:

Solutions

Please contact the software vendor to update the software patch.