# sid 2029976, rev 3 (updated_at 2020_11_12): the newest revision shown on this page.
# Purpose: alert on an inbound HTTP POST to the Netlink GPON router ping form whose body
# starts with "target_addr=" immediately followed by ";" (|3b|), as described in the
# referenced write-ups.
#
# How the match is anchored:
#   - $EXTERNAL_NET -> $HOME_NET with flow:established,to_server: only client requests
#     arriving from outside are inspected, so the routers' addresses must be in $HOME_NET
#     and the sensor must see WAN-side traffic (metadata: deployment Perimeter).
#   - content:"/boaform/admin/formPing"; http_uri; depth:23; isdataat:!1,relative;
#     The string is 23 bytes long, so depth:23 pins it to the start of the URI and the
#     negated isdataat requires that nothing follows it, i.e. an exact URI match.
#   - fast_pattern sits directly after the URI content it modifies, making the URI the
#     prefilter pattern.
#   - content:"target_addr=|3b|"; depth:13; http_client_body;
#     "target_addr=" (12 bytes) plus ";" is 13 bytes, so the request body must begin with
#     this exact sequence.
#
# Triage: classtype attempted-admin means an attempt was observed, not that it succeeded.
# Confirm whether the destination is an affected device with its web management interface
# reachable from outside, then review that host's subsequent outbound traffic.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Netlink GPON Remote Code Execution Attempt (Inbound)"; flow:established,to_server; content:"POST"; http_method; content:"/boaform/admin/formPing"; http_uri; depth:23; fast_pattern; isdataat:!1,relative; content:"target_addr=|3b|"; depth:13; http_client_body; reference:url,blog.netlab.360.com/multiple-fiber-routers-are-being-compromised-by-botnets-using-0-day-en/; reference:url,www.exploit-db.com/exploits/48225; classtype:attempted-admin; sid:2029976; rev:3; metadata:affected_product Router, attack_target Networking_Equipment, created_at 2020_04_20, deployment Perimeter, former_category EXPLOIT, performance_impact Low, signature_severity Major, updated_at 2020_11_12;)

Added 2020-11-12 18:23:20 UTC


# sid 2029976, rev 2 (updated_at 2020_04_20; listed on this page as added 2020-08-05).
# Historical revision, superseded by the rev 3 text at the top of this page.
# It uses the same keywords and values as rev 3: POST method, exact 23-byte URI
# "/boaform/admin/formPing", and a request body beginning with "target_addr=" followed
# by ";" (|3b|).
# Difference from rev 3: fast_pattern is written after isdataat:!1,relative rather than
# directly after the http_uri content it is meant to modify.
# NOTE(review): presumably this ordering is what rev 3 corrected; confirm against the
# ruleset changelog.
# Deploy the highest rev of a sid only; loading this text next to rev 3 would duplicate
# the sid.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Netlink GPON Remote Code Execution Attempt (Inbound)"; flow:established,to_server; content:"POST"; http_method; content:"/boaform/admin/formPing"; http_uri; depth:23; isdataat:!1,relative; fast_pattern; content:"target_addr=|3b|"; depth:13; http_client_body; reference:url,blog.netlab.360.com/multiple-fiber-routers-are-being-compromised-by-botnets-using-0-day-en/; reference:url,www.exploit-db.com/exploits/48225; classtype:attempted-admin; sid:2029976; rev:2; metadata:affected_product Router, attack_target Networking_Equipment, created_at 2020_04_20, deployment Perimeter, former_category EXPLOIT, performance_impact Low, signature_severity Major, updated_at 2020_04_20;)

Added 2020-08-05 19:18:02 UTC


# sid 2029976 as first published (listed on this page as added 2020-04-20).
# The rule text already carries rev:2.
# The detection keywords are the same as in the later rev 2 entry on this page: POST
# method, exact 23-byte URI "/boaform/admin/formPing" (depth:23 plus negated isdataat),
# and a request body beginning with "target_addr=" followed by ";" (|3b|).
# The only difference visible here is metadata layout: former_category EXPLOIT is in its
# own metadata keyword ahead of the references, and the remaining metadata keys are in a
# different order. Later revisions merge them into a single metadata keyword.
# Historical text only; deploy the highest rev of this sid.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Netlink GPON Remote Code Execution Attempt (Inbound)"; flow:established,to_server; content:"POST"; http_method; content:"/boaform/admin/formPing"; http_uri; depth:23; isdataat:!1,relative; fast_pattern; content:"target_addr=|3b|"; depth:13; http_client_body; metadata: former_category EXPLOIT; reference:url,blog.netlab.360.com/multiple-fiber-routers-are-being-compromised-by-botnets-using-0-day-en/; reference:url,www.exploit-db.com/exploits/48225; classtype:attempted-admin; sid:2029976; rev:2; metadata:affected_product Router, attack_target Networking_Equipment, deployment Perimeter, signature_severity Major, created_at 2020_04_20, performance_impact Low, updated_at 2020_04_20;)

Added 2020-04-20 19:37:01 UTC


