alert http any any -> $HOME_NET 52869 (msg:"ET EXPLOIT Realtek SDK Miniigd UPnP? SOAP Command Execution CVE-2014-8361"; flow:established,to_server; urilen:12; content:"POST"; http_method; content:"/picdesc.xml"; http_uri; content:"SOAPAction|3a 20|urn|3a|schemas-upnp-org|3a|service|3a|WANIPConnection|3a|"; http_header; metadata: former_category EXPLOIT; reference:url,; reference:cve,CVE-2014-8361; reference:url,; reference:url,; classtype:attempted-user; sid:2025132; rev:2; metadata:attack_target IoT?, created_at 2017_12_05, updated_at 2017_12_05;)

Added 2017-12-06 16:36:39 UTC

Need to update the rule. All the reference URLs refer to "picsdesc.xml" and NOT "picdesc.xml". Rule should be updated to reflect that.

-- PrateekParanjpe - 2018-02-05

Topic revision: r2 - 2018-02-05 - PrateekParanjpe
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats