""ET EXPLOIT TP-Link TL-WR840N/TL-WR841N - Authentication Bypass (Add Port Forwarding)""
SID: 2025750
Revision: 2
Class Type: attempted-user
Metadata: affected_product TPLINK, attack_target IoT, created_at 2018_06_26, deployment Datacenter, signature_severity Major, updated_at 2018_06_26
Reference:
Protocol: tcp
Source Network: any
Source Port: any
Destination Network: $HOME_NET
Destination Port: any
Flow: established,to_server
Contents:
-
Value: "/cgi?3"
-
Value: "/mainFrame.htm"
-
Value: "IP_CONN_PORTTRIGGERING"
-
Value: "openProtocol"
-
Value: "openPort="
Within:
PCRE:
Special Options:
-
http_uri
-
http_header
-
http_client_body
-
http_client_body
-
http_client_body