[Snort-sigs] [Emerging-Sigs] Netgear Arbitrary Command Execution sig

James Lay jlay at ...3266...
Mon Dec 12 16:38:57 EST 2016


Thanks Travis.

James

On 2016-12-12 14:36, Travis Green wrote:
> James, we have a sig for this in ET OPEN that will go out today.
> Thanks for the submission!
> 
> -Travis
> 
> On Mon, Dec 12, 2016 at 2:31 PM, James Lay <jlay at ...3266...>
> wrote:
> 
>> I can't imagine anyone running a port 80 Netgear on the WAN side,
>> but eh...stranger things have happened:
>> 
>> alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS
>> (msg:"SERVER-WEBAPP Netgear Arbitrary Command Execution Attempt";
>> flow:established,to_server; content:"GET"; http_method; nocase;
>> content:"/cgi-bin/|3B|"; http_uri; nocase; reference:url,
>> http://www.sj-vs.net/a-temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers;
>> reference:cve,2016-582384; classtype:attempted-dos;
>> sid:xxxxxxx; rev:1;)
>> 
>> James
>> _______________________________________________
>> Emerging-sigs mailing list
>> Emerging-sigs at ...3694...
>> https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs [3]
>> 
>> Support Emerging Threats! Subscribe to Emerging Threats Pro
>> http://www.emergingthreats.net
> 
> --
> 
> PGP: 0xBED7B297 [4]
> 
> Links:
> ------
> [1]
> http://www.sj-vs.net/a-temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers
> [2] tel:2016-582384
> [3] https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
> [4] https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297
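
The match logic of the rule quoted above, applied to web access logs for retrospective hunting. This is an added example, not part of the original thread or of the ET ruleset; the function names, the Common Log Format input and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request portion of a Common Log Format line: "METHOD URI PROTOCOL"
REQUEST_RE = re.compile(r'"(?P<method>[A-Za-z]+) (?P<uri>\S+)(?: HTTP/[\d.]+)?"')
NEEDLE = "/cgi-bin/;"  # content:"/cgi-bin/|3B|" from the rule (|3B| is ';')


def matches_rule(method: str, raw_uri: str) -> bool:
    """Mirror the rule's two content matches on one HTTP request."""
    if method.upper() != "GET":          # content:"GET"; http_method; nocase;
        return False
    # Logs hold the raw URI, while http_uri is a normalized buffer:
    # decode once so %3B is seen as ';' (double-encoded input stays as-is).
    uri = unquote(raw_uri)
    return NEEDLE in uri.lower()         # http_uri; nocase;


def scan(lines):
    """Return (line_number, source_ip, uri) for each log line that matches."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if m and matches_rule(m["method"], m["uri"]):
            hits.append((n, line.split(" ", 1)[0], m["uri"]))
    return hits


# Constructed sample log lines (documentation IP ranges, placeholder payload).
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Dec/2016:14:31:02 -0500] "GET /cgi-bin/;PLACEHOLDER HTTP/1.1" 200 512',
    '198.51.100.7 - - [12/Dec/2016:14:31:05 -0500] "get /CGI-BIN/%3bPLACEHOLDER HTTP/1.1" 200 512',
    '203.0.113.9 - - [12/Dec/2016:14:32:10 -0500] "GET /cgi-bin/status.cgi HTTP/1.1" 200 2048',
    '203.0.113.9 - - [12/Dec/2016:14:32:11 -0500] "POST /cgi-bin/;PLACEHOLDER HTTP/1.1" 404 0',
    '192.0.2.44 - - [12/Dec/2016:14:33:00 -0500] "GET /index.htm?next=/cgi-bin/;x HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for n, ip, uri in scan(SAMPLE_LOG):
        print(f"line {n}: {ip} requested {uri}")
```

The last sample line matches because the content match is not anchored to the start of the URI, so the pattern inside a query string also fires; the POST request does not match because the rule requires GET.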
