""ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561)""
SID: 2027063
Revision: 2
Class Type: attempted-admin
Metadata: attack_target IoT, created_at 2019_03_06, cve CVE_2018_10561, deployment Perimeter, performance_impact Low, signature_severity Major, updated_at 2019_03_06
Reference:
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: $HTTP_PORTS
Flow: established,to_server
Contents:
-
Value: "POST"
-
Value: "?images/"
-
Value: "XWebPageName=diag&diag" Depth: 22
Within:
PCRE: "/(?:\/GponForm\/diag_FORM\?images\/|.html\?images\/)/Ui"
Special Options:
-
http_method
-
http_uri
-
http_client_body