
Vulnerability Name:

Hillstone Networks products contain an arbitrary file write vulnerability leading to unauthorized remote command execution.

Release Date:

2026-01-22

Vulnerability Description:

Some Hillstone Networks products contain an arbitrary file write vulnerability leading to unauthorized remote command execution. The vulnerability arises because the system does not effectively filter user input and concatenates it directly into system commands for execution, resulting in remote code execution.

Vulnerability ID: HSVD-2025-0048

Third-Party ID: None

Vulnerability Level:

High Risk

Vulnerability Source:

Internal Disclosure

Impact and Remediation

Affected Versions and Remediation Versions:

| Product | Affected Version | Remediation Version |
| --- | --- | --- |
| Firewall | All Versions | 5.5R8P28, 5.5R10P14, 5.5R10P13, 5.5R11P6, 5.5R11P5.6 and later, 5.5R12 |
| IFW | All Versions | IFW4.3.2 |
| IPS | All Versions | IPS5.5.7 |
| BDS | All Versions | BDS5.5.7 |
| IDA | All Versions | IDA4.3.2 |
| WAF | All Versions | WAF3.6.7 |
| LMS | All Versions | LMS4.3.7 |
| YunGe | All Versions | YunGe 2.9.4B2.4 |
| ADC | All Versions | AX4.4.4 |

Remediation and Protection Solution

  1. We recommend prioritizing software version upgrades.
  2. For scenarios where a software version upgrade is temporarily unavailable, you can restrict the range of management interfaces and trusted host IP addresses by configuring a trusted host (admin host) and modifying the management method under the interface.
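Added example, not part of the Hillstone advisory: a version check that classifies firewall builds against the Firewall row of the remediation table, for triaging an inventory before upgrades. It assumes version strings of the form `5.5R<release>P<patch>`, that later patches on a listed branch keep the fix, and that unlisted older branches have no fixed build; the host names and inventory are constructed.

```python
import re

# Firewall remediation builds, copied from the advisory table.
FIXED_BUILDS = ["5.5R8P28", "5.5R10P14", "5.5R10P13",
                "5.5R11P6", "5.5R11P5.6", "5.5R12"]
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:P(\d+(?:\.\d+)*))?$")

def parse_version(text):
    """Split '5.5R11P5.6' into branch (5, 5, 11) and patch (5, 6)."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognized version string: {text!r}")
    branch = tuple(int(g) for g in m.group(1, 2, 3))
    patch = tuple(int(p) for p in m.group(4).split(".")) if m.group(4) else ()
    return branch, patch

def minimum_fixed_patches(fixed_builds=FIXED_BUILDS):
    """Map each release branch to the lowest remediation patch listed for it."""
    minimums = {}
    for build in fixed_builds:
        branch, patch = parse_version(build)
        if branch not in minimums or patch < minimums[branch]:
            minimums[branch] = patch
    return minimums

def is_remediated(version, fixed_builds=FIXED_BUILDS):
    """True if version is at or above the fix level assumed for its branch."""
    minimums = minimum_fixed_patches(fixed_builds)
    branch, patch = parse_version(version)
    if branch in minimums:
        # Assumption: later patches on a listed branch keep the fix.
        return patch >= minimums[branch]
    # Assumption: only branches newer than the newest listed one carry the fix;
    # older unlisted branches (for example 5.5R9) have no fixed build listed.
    return branch > max(minimums)

def audit(inventory):
    """Classify each host as 'remediated', 'upgrade' or 'review' (unparsed)."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = "remediated" if is_remediated(version) else "upgrade"
        except ValueError:
            report[host] = "review"
    return report

# Constructed inventory: host names and versions are hypothetical.
SAMPLE_INVENTORY = {"fw-edge-01": "5.5R10P12", "fw-edge-02": "5.5R11P5.6",
                    "fw-core-01": "5.5R9P20", "fw-lab-01": "unknown"}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `review` carry a version string the parser does not recognize and should be checked by hand.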

Contact Us

For this vulnerability issue and detailed solutions, please contact Hillstone Networks technical support hotline at 400-828-6655 and our professional service and pre-sales technical personnel.

To report security issues related to Hillstone Networks products and solutions, please send feedback to Hillstone PSIRT email address PSIRT@hillstonenet.com. Hillstone Networks is committed to protecting the ultimate interests of its product users, adhering to responsible security incident disclosure principles, and handling product security issues in accordance with relevant laws and regulations.

Hillstone Networks, dedicated to your security!

Statement

Without the written authorization of this company, no organization or individual may modify, excerpt, or use the content of this announcement for commercial purposes.