[Snort-sigs] New sig for detecting TP-Link TDDP SET_CONFIG type buffer overflow

rmkml rmkml at ...4129...
Tue Nov 22 15:42:36 EST 2016


Hi,

Please check a new sig for detecting TP-Link TDDP SET_CONFIG type buffer overflow:

alert udp $EXTERNAL_NET any -> $HOME_NET 1040 (msg:"MISC TP-Link TDDP SET_CONFIG type buffer overflow attempt";
dsize:>336; content:"|01 01 00|"; depth:3; offset:0; byte_test:4,>=,0x0264,4,big;
reference:url,www.coresecurity.com/advisories/tp-link-tddp-multiple-vulnerabilities;
classtype:attempted-recon; sid:1; rev:1;)

Don't forget check variables.

Please send any comments.

Regards
@Rmkml




More information about the Snort-sigs mailing list