""ET EXPLOIT Eir D1000 Modem CWMP Exploit Retrieving Wifi Key""
SID: 2023549
Revision: 2
Class Type: trojan-activity
Metadata: affected_product Eir_D1000_Modem, attack_target Networking_Equipment, created_at 2016_11_28, deployment Perimeter, performance_impact Low, signature_severity Major, updated_at 2016_11_29
Reference:
-
md5
-
a19d5b596992407796a33c5e15489934
Protocol: tcp
Source Network: any
Source Port: any
Destination Network: any
Destination Port: [5555,7547]
Flow: to_server,established
Contents:
-
Value: "urn|3a|dslforum-org|3a|service|3a|Time|3a|1#SetNTPServers"
-
Value: "|3c 75 3a 47 65 74 53 65 63 75 72 69 74 79 4b 65 79 73|"
Within:
PCRE:
Special Options:
- nocase