SID: 2025735

Revision: 2

Class Type: web-application-attack

Metadata: affected_product TPLINK, attack_target IoT, created_at 2018_06_22, deployment Datacenter, performance_impact Low, signature_severity Major, updated_at 2018_06_22

Reference:

Protocol: tcp

Source Network: $EXTERNAL_NET

Source Port: any

Destination Network: $HOME_NET

Destination Port: $HTTP_PORTS

Flow: to_server,established

Contents:

  • Value: "/wps.setup.json"

  • Value: "operation=write"

  • Value: "option=connect"

  • Value: "wps_setup_pin="

  • Value: "%2Fbin%2Fsh"

Within:

PCRE:

Special Options:

  • fast_pattern

  • nocase

  • http_uri

  • http_client_body

  • http_client_body

  • http_client_body

  • http_client_body

source