[Snort-sigs] New rule for detecting Netgear WNR2000v5 router leaks its serial number attempt

rmkml rmkml at ...4129...
Wed Feb 1 15:21:01 EST 2017


Hello,

First, Thx you @circl_lu,

Please check this new rule detecting Netgear WNR2000v5 router leaks its serial number attempt:

alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"WEB-MISC Netgear WNR2000v5 router leaks its serial number attempt"; flow:to_server,established;
content:"/BRS_netgear_success.html"; nocase; http_uri; reference:cve,2016-10175; reference:url,cve.circl.lu/cve/CVE-2016-10175;
classtype:web-application-attack; sid:1; rev:1; )

Don't forget check variables.

Please send any comments.

Regards
@Rmkml




More information about the Snort-sigs mailing list