""ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE""
SID: 2023548
Revision: 3
Class Type: trojan-activity
Metadata: affected_product Eir_D1000_Modem, attack_target Networking_Equipment, created_at 2016_11_28, deployment Perimeter, signature_severity Major, updated_at 2022_08_09
Reference:
- md5: a19d5b596992407796a33c5e15489934
Protocol: tcp
Source Network: any
Source Port: any
Destination Network: any
Destination Port: [5555,7547]
Flow: to_server,established
Contents:
- Value: "urn|3a|dslforum-org|3a|service|3a|Time|3a|1#SetNTPServers"
- Value: "NewNTPServer"
- Value: ">"
  Within: 5
PCRE: "/^.{0,10}[\x3b\x0a\x26\x60\x7c\x24]/R"
Special Options:
- nocase