Hillstone Networks

'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>

RULE（RULE ID：339679）

Rule General Information


Release Date:		2025-12-02

Rule Name:		Weaver OA oauth2 Permission Bypass Vulnerability

Severity:

CVE ID:

Rule Protection Details


Description:		Weaver e-cology is an office automation (OA) software suite developed by the Chinese company Weaver Software. The software is designed to provide integrated solutions for internal enterprise office workflows to improve work efficiency and information management. Versions of Weaver OA prior to patch v10.54 contain a privilege bypass vulnerability that allows an unauthorised remote attacker to obtain arbitrary user credentials.

Impact:		An attacker could exploit this vulnerability to have unspecified effect.

Affected OS:		Windows, Linux, Others

Reference:

Solutions

Please contact the software vendor to update the software patch.