[Snort-sigs] Netgear Arbitrary Command Execution sig

James Lay jlay at ...3266...
Mon Dec 12 16:31:32 EST 2016


I can't imagine anyone running a port 80 Netgear on the WAN side, but 
eh...stranger things have happened:

alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP 
Netgear Arbitrary Command Execution Attempt"; 
flow:established,to_server; content:"GET"; http_method; nocase; 
content:"/cgi-bin/|3B|"; http_uri; nocase; reference:url, 
http://www.sj-vs.net/a-temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers; 
reference:cve,2016-582384; classtype:attempted-dos; sid:xxxxxxx; rev:1;)

James




More information about the Snort-sigs mailing list