
vul_app:weaver_e-cology_api_getfileviewurl_ssrf_vulnerability(Rule ID:1070210424)

Release Date: 2025/9/15

Rule Name: Weaver E-Cology API getFileViewUrl SSRF Vulnerability

Severity: high

CVE ID

 

Description

There is an SSRF vulnerability in the getFileViewUrl interface of Weaver E-Cology. Unauthenticated remote attackers can use this vulnerability to scan the intranet or the local ports of the host where the server is located, obtain the banner information of services, map the network structure, and even launch attacks on intranet or local applications. They can also obtain sensitive internal configuration of the server, resulting in information leakage. This rule supports defending against A6: Vulnerable and Outdated Components of the OWASP Top 10 - 2021.
Other reference: None

 

Solution

Apply the vendor's patches.