Hillstone Networks

'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>

RULE（RULE ID：339629）

Rule General Information


Release Date:		2025-11-12

Rule Name:		Tool NSmartProxy Login Stage Detection

Severity:

CVE ID:

Rule Protection Details


Description:		NSmartProxy is an open-source reverse-proxy framework designed to expose intranet services to the public Internet. When a login request directed to the path “/LoginFromClient” is observed, it indicates that the framework’s authentication endpoint has been invoked. If an attacker obtains valid credentials or exploits authentication weaknesses within the product, he can establish a persistent tunnel that bypasses perimeter firewalls, pivot laterally across internal subnets, and map sensitive services such as databases and administrative consoles to the outside world. Because the tunneled traffic is encapsulated in ordinary HTTP, traditional security appliances rarely flag it, allowing the adversary to maintain long-term foothold, repeatedly deliver malicious payloads, and ultimately achieve full network compromise.

Impact:		Attackers use attack tools to attack targets, which can lead to data leakage, service interruption, system crash, data tampering, and illegal access.

Affected OS:		Windows, Linux, Others

Reference:

Solutions

1. Scan the server file system to ensure that no hacking tools and related malicious files are left. 2. Make a complete system backup to ensure the security of server data. 3. Secure the server, restrict access rights, install firewalls, and use secure access control lists.