""ET EXPLOIT Netgear passwordrecovered.cgi attempt""

SID: 2017969

Revision: 3

Class Type: attempted-admin

Metadata: created_at 2014_01_15, cve CVE_2017_5521, updated_at 2017_11_28

Reference:

  • cve

  • 2017-5521

Protocol: tcp

Source Network: any

Source Port: any

Destination Network: any

Destination Port: $HTTP_PORTS

Flow: to_server,established

Contents:

  • Value: "POST"

  • Value: "/passwordrecovered.cgi?id="

Within:

PCRE:

Special Options:

  • nocase

  • http_method

  • nocase

  • http_uri

source