"ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound"
SID: 2027339
Revision: 3
Class Type: trojan-activity
Metadata: attack_target IoT, created_at 2019_05_08, cve CVE_2014_8361, deployment Perimeter, performance_impact Low, signature_severity Major, updated_at 2019_07_26
Reference:
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: 52869
Flow: established,to_server
Contents:
-
Value: "POST" Depth: 4
-
Value: "SOAPAction|3a 20|urn|3a|schemas-upnp-org|3a|service|3a|WANIPConnection|3a|"
-
Value: "|3c|u|3a|AddPortMapping"
-
Value: "|3c|NewRemoteHost|3e|"
-
Value: "|3c|NewInternalClient"
-
Value: "|3c 2f|NewInternalClient|3e|"
-
Value: "NewEnabled|3e|1"
Within:
PCRE:
Special Options:
- fast_pattern