> About Author
Hi, I'm Sharon, a product manager at Chaitin Tech. We build SafeLine, an open-source Web Application Firewall built for real-world threats. While SafeLine focuses on HTTP-layer protection, our emergency response center monitors and responds to RCE and authentication vulnerabilities across the stack to help developers stay safe.
Weaver e-Office is a widely used collaboration and management platform developed by Weaver Network Technology. It supports HR, finance, admin workflows, and mobile office functions. Recently, a critical vulnerability was discovered and patched by Weaver, and SafeLine security research teams have analyzed and confirmed its impact.
What Happened?
Security researchers at Chaitin Tech detected that Weaver released a patch addressing a remote code execution (RCE) flaw. The issue occurs due to a combination of arbitrary file upload and file inclusion, allowing attackers to execute malicious code on vulnerable servers without authentication.
Why It Matters
- RCE is critical: Successful exploitation means attackers could run arbitrary commands on your server.
- Widespread exposure: e-Office is common in enterprise and SMB environments.
- Easy exploitation: Attackers can leverage this without valid credentials.
Detection Tools
Chaitin's security team has released two tools to help identify vulnerable assets:
1. X-POC Remote Scanner
Run against a target to test for exposure:
```bash
xpoc -r 410 -t http://target-url
```
Download:
2. CloudWalker Local Scanner
Run locally on Windows:
```bash
weaver_eoffice_rce_ct_898014_scanner_windows_amd64.exe
```
Download:
Affected Versions
- e-Office < 10.0_20230821
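To triage an asset inventory against the affected range above, here is an added example (not code from Chaitin or Weaver). It assumes versions are recorded in the `<major>.<minor>_<YYYYMMDD>` layout of the fixed build string and are ordered by major, minor, then build date; the hosts and versions in the sample are constructed.

```python
import re

# Fixed build named in the advisory above.
FIXED_BUILD = "10.0_20230821"

# Assumed version layout, inferred from the one version string on the page:
# <major>.<minor>_<YYYYMMDD>
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)_(\d{8})$")


def parse_version(text):
    """Return (major, minor, build_date) or None if the string does not match."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    return tuple(int(part) for part in m.groups())


def triage(version):
    """Classify one reported version as 'affected', 'fixed' or 'unknown'."""
    parsed = parse_version(version)
    if parsed is None:
        # Missing or unparseable versions go to manual review, never assumed safe.
        return "unknown"
    return "affected" if parsed < parse_version(FIXED_BUILD) else "fixed"


def triage_inventory(assets):
    """Group hosts by status. assets: iterable of (host, version) pairs."""
    report = {"affected": [], "fixed": [], "unknown": []}
    for host, version in assets:
        report[triage(version)].append(host)
    return report


# Constructed sample inventory (hosts and versions are made up for illustration).
SAMPLE_INVENTORY = [
    ("oa-hr.example.internal", "10.0_20230515"),
    ("oa-fin.example.internal", "10.0_20230821"),
    ("oa-legacy.example.internal", "9.5_20220101"),
    ("oa-branch.example.internal", "10.0"),  # build date missing
    ("oa-new.example.internal", "10.0_20231102"),
]

if __name__ == "__main__":
    for status, hosts in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as `unknown` should be checked by hand or with the scanners above rather than treated as patched.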
How to Mitigate
Temporary Workaround:
- Use network ACLs to limit access only to trusted IP addresses or networks.
Permanent Fix:
- Upgrade to e-Office 10.0_20230821 or later immediately.
- Official patch and advisory: Weaver e-Office
Product Support
Chaitin's ecosystem products have integrated detection and support for this vulnerability:
- Yuntu: Fingerprinting and PoC scanning supported.
- Dongjian: Custom PoC detection available.
- SafeLine WAF: Can detect exploitation attempts.
- Quanxi: Released updated detection signatures.
- CloudWalker: Emergency vuln intelligence package available (EMERVULN-23.09.026).
Timeline
- Sep 25: Vulnerability disclosed online.
- Sep 25: Chaitin emergency team analyzed and reproduced the issue.
- Sep 26: Official advisory released.
Join the SafeLine Community
If you continue to experience issues, feel free to contact SafeLine support for further assistance.