The vulnerability allows an attacker to upload files of any type to the Hillstone Networks Operation and Maintenance Security Gateway. Because the upload mechanism does not restrict file formats, a malicious user can place a web shell or other executable content on the device, leading to the execution of arbitrary code on the underlying Linux system. This represents a remote code execution vulnerability with the weakness reflected in CWE‑434 and enables the attacker to achieve full control over the device once the shell is triggered.

Hillstone Networks Operation and Maintenance Security Gateway version V5.5ST00001B113 running on Linux. The flaw is present only in this exact build; no other versions were identified in the advisory.

The CVSS score is 2.7, indicating a low severity rating, and the EPSS score is below 1 %, showing a very low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. An attacker would need to reach the web management interface of the gateway, usually through an open network or compromised credentials, to place the malicious file. Once the file is uploaded, executing it grants code‑execution rights. Because the flaw resides in the file‑upload feature, the attack vector is a remote, network‑based exploitation through the web UI; no local privilege escalation or physical access is required.