alert http any any -> any [5555,7547] (msg:"ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE "; flow:to_server,established; content:"urn|3a|dslforum-org|3a|service|3a|Time|3a|1#SetNTPServers"; nocase; http_header; fast_pattern; reference:url,devicereversing.wordpress.com/2016/11/07/eirs-d1000-modem-is-wide-open-to-being-hacked/; reference:md5,a19d5b596992407796a33c5e15489934; classtype:trojan-activity; sid:2023548; rev:4; metadata:affected_product Eir_D1000_Modem, attack_target Networking_Equipment, deployment Perimeter, signature_severity Major, created_at 2016_11_28, updated_at 2019_10_07;)

Added 2019-10-08 19:34:41 UTC


alert http any any -> any [5555,7547] (msg:"ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE "; flow:to_server,established; content:"urn|3a|dslforum-org|3a|service|3a|Time|3a|1#SetNTPServers"; nocase; http_header; fast_pattern:only; reference:url,devicereversing.wordpress.com/2016/11/07/eirs-d1000-modem-is-wide-open-to-being-hacked/; reference:md5,a19d5b596992407796a33c5e15489934; classtype:trojan-activity; sid:2023548; rev:3; metadata:affected_product Eir_D1000_Modem, attack_target Networking_Equipment, deployment Perimeter, signature_severity Major, created_at 2016_11_28, updated_at 2016_11_29;)

Added 2018-09-13 19:53:12 UTC


Added 2018-09-13 18:01:16 UTC


alert http any any -> any [5555,7547] (msg:"ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE "; flow:to_server,established; content:"urn|3a|dslforum-org|3a|service|3a|Time|3a|1#SetNTPServers"; nocase; http_header; fast_pattern:only; reference:url,devicereversing.wordpress.com/2016/11/07/eirs-d1000-modem-is-wide-open-to-being-hacked/; reference:md5,a19d5b596992407796a33c5e15489934; classtype:trojan-activity; sid:2023548; rev:3; metadata:affected_product Eir_D1000_Modem, attack_target Networking_Equipment, deployment Perimeter, signature_severity Major, created_at 2016_11_28, updated_at 2016_11_29;)

Added 2017-08-07 21:18:43 UTC


alert http any any -> any [5555,7547] (msg:"ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE "; flow:to_server,established; content:"urn|3a|dslforum-org|3a|service|3a|Time|3a|1#SetNTPServers"; nocase; http_header; fast_pattern:only; reference:url,devicereversing.wordpress.com/2016/11/07/eirs-d1000-modem-is-wide-open-to-being-hacked/; reference:md5,a19d5b596992407796a33c5e15489934; classtype:trojan-activity; sid:2023548; rev:3;)

Added 2016-11-29 17:26:34 UTC


alert http any any -> any 7547 (msg:"ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE "; flow:to_server,established; content:"urn|3a|dslforum-org|3a|service|3a|Time|3a|1#SetNTPServers"; nocase; http_header; fast_pattern:only; reference:url,devicereversing.wordpress.com/2016/11/07/eirs-d1000-modem-is-wide-open-to-being-hacked/; reference:md5,a19d5b596992407796a33c5e15489934; classtype:trojan-activity; sid:2023548; rev:2;)

Added 2016-11-28 18:57:54 UTC


Topic revision: r1 - 2019-10-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats