'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

RULE(RULE ID:339970)

Rule General Information
Release Date: 2026-05-06
Rule Name: Command Injection Detection - Environment Variable
Severity:
CVE ID:
Rule Protection Details
Description: This rule detects Windows command injection attacks using environment variable substring bypass techniques. Attackers use the Windows environment variable substring syntax to bypass security devices.
Impact: Successful exploitation allows an attacker to execute arbitrary system commands on the target Windows server, leading to complete system compromise, data theft, and further lateral movement in the network.
Affected OS: Windows
Reference:
Solutions
Implement strict input validation and sanitization for all user inputs. Use parameterized queries or prepared statements when executing system commands. Disable or restrict command execution functions in the application. Implement proper access controls and authentication mechanisms.