""ET EXPLOIT Netgear R7000 Command Injection Exploit""

SID: 2023628

Revision: 2

Class Type: attempted-user

Metadata: affected_product Netgear_Router, attack_target Networking_Equipment, created_at 2016_12_12, deployment Perimeter, performance_impact Low, signature_severity Major, updated_at 2016_12_12, mitre_tactic_id TA0008, mitre_tactic_name Lateral_Movement, mitre_technique_id T1210, mitre_technique_name Exploitation_Of_Remote_Services

Reference:

• Link

Protocol: tcp

Source Network: any

Source Port: any

Destination Network: $HOME_NET

Destination Port: $HTTP_PORTS

Flow: established,to_server

Contents:

• Value: "/cgi-bin/" Depth: 9

• Value: "$IFS"

• Value: "|3b|"

Within:

PCRE:

Special Options:

• http_uri

• http_uri

• fast_pattern

• http_uri

source