Hillstone Networks

'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>

web_app:hanvon_eface_file_read（Rule ID：1070210539）

Release Date：2025/9/15

Rule Name：Hanvon eFace Management Platform exportResourceByFilePath.do Arbitrary File Read Vulnerability

Severity：high

CVE ID：

Descripiton：

Hanvon eFace is a facial recognition attendance and access control management system developed by Hanvon Technology. The Hanvon eFace management platform exportResourceByFilePath.do has an arbitrary file reading vulnerability, which can be exploited by unauthorized attackers to read sensitive file content. This rule supports to defend the A6: Vulnerabe and Outdated Components of OWASP Top 10 - 2021.
Other reference：None

Solution：

Update vendor patches.