CodeNewbie Community 🌱

Sharon428931

How to Secure Your Weaver e-Office from Remote Exploits

> About Author
Hi, I'm Sharon, a product manager at Chaitin Tech. We build SafeLine, an open-source Web Application Firewall built for real-world threats. While SafeLine focuses on HTTP-layer protection, our emergency response center monitors and responds to RCE and authentication vulnerabilities across the stack to help developers stay safe.

Weaver e-Office is a widely used collaboration and management platform developed by Weaver Network Technology. It supports HR, finance, admin workflows, and mobile office functions. Recently, a critical vulnerability was discovered and patched by Weaver, and SafeLine security research teams have analyzed and confirmed its impact.


What Happened?

Security researchers at Chaitin Tech observed that Weaver released a patch for a remote code execution (RCE) flaw. The flaw chains an arbitrary file upload with a file inclusion, which lets an unauthenticated attacker execute malicious code on a vulnerable server.


Why It Matters

  • RCE is critical: Successful exploitation means attackers could run arbitrary commands on your server.
  • Widespread exposure: e-Office is common in enterprise and SMB environments.
  • Easy exploitation: Attackers can leverage this without valid credentials.

Detection Tools

Chaitin’s security team has released two tools to help identify vulnerable assets:

1. X-POC Remote Scanner

Run against a target to test for exposure:

```bash
xpoc -r 410 -t http://target-url
```

Download:

2. CloudWalker Local Scanner

Run locally on Windows:

```
weaver_eoffice_rce_ct_898014_scanner_windows_amd64.exe
```

Download:


Affected Versions

  • e-Office < 10.0_20230821
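
To apply the version boundary above across an asset inventory, the following added example (not from Chaitin or Weaver) classifies build strings against the fixed build. It assumes builds are recorded as `<major>.<minor>_<YYYYMMDD>`, treats lower major/minor releases as affected, and sends anything unparseable to manual review; the hostnames and builds are constructed.

```python
import re
from datetime import datetime

# Fixed build named in the advisory: everything below it is affected.
FIXED_BUILD = "10.0_20230821"
# Assumed build-string shape: <major>.<minor>_<YYYYMMDD>
_BUILD_RE = re.compile(r"^(\d+)\.(\d+)_(\d{8})$")


def parse_build(build):
    """Return (major, minor, yyyymmdd) as ints, or None if the string is unusable."""
    m = _BUILD_RE.match(build.strip())
    if not m:
        return None
    try:
        # Reject impossible dates such as 20231345 instead of comparing them.
        datetime.strptime(m.group(3), "%Y%m%d")
    except ValueError:
        return None
    return tuple(int(g) for g in m.groups())


def triage(build):
    """Classify one build string as 'affected', 'patched' or 'review'."""
    parsed = parse_build(build)
    if parsed is None:
        # Fail closed: an unreadable version needs a human, not a pass.
        return "review"
    return "affected" if parsed < parse_build(FIXED_BUILD) else "patched"


def triage_inventory(inventory):
    """Map host -> verdict for a {host: build} dict."""
    return {host: triage(build) for host, build in inventory.items()}


# Constructed sample inventory (hosts and builds are made up for illustration).
SAMPLE_INVENTORY = {
    "oa-hr.example.internal": "10.0_20230510",
    "oa-fin.example.internal": "10.0_20230821",
    "oa-old.example.internal": "9.5_20220101",
    "oa-unknown.example.internal": "v10 (custom)",
    "oa-typo.example.internal": "10.0_20231345",
}

if __name__ == "__main__":
    for host, verdict in sorted(triage_inventory(SAMPLE_INVENTORY).items()):
        print(f"{verdict:9} {host}")
```

Hosts marked `review` should be checked by hand or with the scanners above rather than assumed safe.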

How to Mitigate

Temporary Workaround:

  • Use network ACLs to limit access only to trusted IP addresses or networks.

Permanent Fix:

  • Upgrade to e-Office 10.0_20230821 or later immediately.
  • Official patch and advisory: Weaver e-Office

Product Support

Chaitin’s ecosystem products have integrated detection and support for this vulnerability:

  • Yuntu: Fingerprinting and PoC scanning supported.
  • Dongjian: Custom PoC detection available.
  • SafeLine WAF: Can detect exploitation attempts.
  • Quanxi: Released updated detection signatures.
  • CloudWalker: Emergency vuln intelligence package available (EMERVULN-23.09.026).

Timeline

  • Sep 25: Vulnerability disclosed online.
  • Sep 25: Chaitin emergency team analyzed and reproduced the issue.
  • Sep 26: Official advisory released.

Join the SafeLine Community

If you continue to experience issues, feel free to contact SafeLine support for further assistance.

Top comments (1)

Jessica williams

This post is incredibly helpful—thanks for breaking this down so clearly! Vulnerabilities like remote code execution (RCE) are serious, and it’s eye-opening to learn how attackers might exploit file uploads and inclusions to run code without logging in. The fact that this impacts many SMEs and enterprise setups makes it even more relevant.

I really appreciate how you laid out both short-term and long-term steps. Limiting access via network ACLs is smart for a quick stopgap, while upgrading to the patched version (10.0_20230821 or later) is clearly the best permanent fix. It's also reassuring that Chaitin’s tools—like Yuntu, Dongjian, SafeLine WAF, and CloudWalker—are already equipped to help detect issues before they escalate.

Thanks for illuminating this critical vulnerability and providing straightforward solutions that anyone managing Weaver e-Office can act on right away.