""ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution""
SID: 2020899
Revision: 3
Class Type: attempted-admin
Metadata: created_at 2015_04_13, cve CVE_2016_6563, updated_at 2016_11_10
Reference:
-
cve
-
2016-6563
Protocol: tcp
Source Network: any
Source Port: any
Destination Network: $HOME_NET
Destination Port: $HTTP_PORTS
Flow: established,to_server
Contents:
-
Value: "POST"
-
Value: "SOAPAction|3a|"
-
Value: "http|3a|//purenetworks.com/HNAP1/"
Within:
PCRE: "/^SOAPAction\x3a\s+?[^\r\n]*?http\x3a\/\/purenetworks.com\/HNAP1\/([^\x2f]+?[\x2f])?[^\x2f]/Hmi"
Special Options:
-
http_method
-
http_header
-
fast_pattern
-
http_header