alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET EXPLOIT Linksys WAP54G? debug.cgi Shell Access as Gemtek"; flow:established,to_server; content:"Authorization|3a| Basic R2VtdGVrOmdlbXRla3N3ZA?==|0d 0a|"; http_header; content:"/debug.cgi"; http_uri; reference:url,seclists.org/fulldisclosure/2010/Jun/176; reference:url,doc.emergingthreats.net/2011669; classtype:attempted-admin; sid:2011669; rev:4; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2017-08-07 21:04:44 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET EXPLOIT Linksys WAP54G? debug.cgi Shell Access as Gemtek"; flow:established,to_server; content:"Authorization|3a| Basic R2VtdGVrOmdlbXRla3N3ZA?==|0d 0a|"; http_header; content:"/debug.cgi"; http_uri; reference:url,seclists.org/fulldisclosure/2010/Jun/176; reference:url,doc.emergingthreats.net/2011669; classtype:attempted-admin; sid:2011669; rev:5;)

Added 2011-10-12 19:32:22 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET EXPLOIT Linksys WAP54G? debug.cgi Shell Access as Gemtek"; flow:established,to_server; content:"Authorization|3a| Basic R2VtdGVrOmdlbXRla3N3ZA?==|0d 0a|"; http_header; content:"/debug.cgi"; http_uri; classtype:attempted-admin; reference:url,seclists.org/fulldisclosure/2010/Jun/176; reference:url,doc.emergingthreats.net/2011669; sid:2011669; rev:5;)

Added 2011-09-14 22:45:11 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET EXPLOIT Linksys WAP54G? debug.cgi Shell Access as Gemtek"; flow:established,to_server; content:"Authorization|3a| Basic R2VtdGVrOmdlbXRla3N3ZA?==|0d 0a|"; http_header; content:"/debug.cgi"; http_uri; classtype:attempted-admin; reference:url,seclists.org/fulldisclosure/2010/Jun/176; reference:url,doc.emergingthreats.net/2011669; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_Linksys; sid:2011669; rev:5;)

Added 2011-02-04 17:31:25 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET EXPLOIT Linksys WAP54G? debug.cgi Shell Access as Gemtek"; flow:established,to_server; content:"|0d 0a|Authorization\: Basic R2VtdGVrOmdlbXRla3N3ZA?==|0d 0a|"; uricontent:"/debug.cgi"; classtype:attempted-admin; reference:url,seclists.org/fulldisclosure/2010/Jun/176; reference:url,doc.emergingthreats.net/2011669; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_Linksys; sid:2011669; rev:3;)

Added 2010-06-21 21:16:04 UTC


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET EXPLOIT Linksys WAP54G? debug.cgi Shell Access as Gemtek"; flow:established,to_server; content:"|0d 0a|Authorization\: Basic R2VtdGVrOmdlbXRla3N3ZA?==|0d 0a|"; uricontent:"/debug.cgi"; classtype:attempted-admin; reference:url,seclists.org/fulldisclosure/2010/Jun/176; reference:url,doc.emergingthreats.net/2011669; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_Linksys; sid:2011669; rev:3;)

Added 2010-06-21 21:16:04 UTC


alert tcp any any -> $HOME_NET $HTTP_PORTS (msg:"ET EXPLOIT Linksys WAP54G? debug.cgi Shell Access as Gemtek"; flow:established,to_server; content:"|0d 0a|Authorization\: Basic R2VtdGVrOmdlbXRla3N3ZA?==|0d 0a|"; uricontent:"/debug.cgi"; classtype:attempted-admin; reference:url,seclists.org/fulldisclosure/2010/Jun/176; reference:url,doc.emergingthreats.net/2011669; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_Linksys; sid:2011669; rev:2;)

Added 2010-06-14 14:30:59 UTC


alert tcp any any -> $HOME_NET $HTTP_PORTS (msg:"ET EXPLOIT Linksys WAP54G? debug.cgi Shell Access as Gemtek"; flow:established,to_server; content:"|0d 0a|Authorization\: Basic R2VtdGVrOmdlbXRla3N3ZA?==|0d 0a|"; uricontent:"/debug.cgi"; classtype:attempted-admin; reference:url,seclists.org/fulldisclosure/2010/Jun/176; reference:url,doc.emergingthreats.net/2011669; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/EXPLOIT/EXPLOIT_Linksys; sid:2011669; rev:2;)

Added 2010-06-14 14:30:59 UTC


alert tcp any any -> $HOME_NET $HTTP_PORTS (msg:"ET EXPLOIT Linksys WAP54G? debug.cgi Shell Access as Gemtek"; flow:established,to_server; content:"|0d 0a|Authorization\: Basic R2VtdGVrOmdlbXRla3N3ZA?==|0d 0a|"; uricontent:"/debug.cgi"; classtype:attempted-admin; reference:url,seclists.org/fulldisclosure/2010/Jun/176; sid:2011669; rev:1;)

Added 2010-06-10 16:01:09 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats