""ET EXPLOIT Attempted HiSilicon DVR/NVR/IPCam RCE (Outbound)""
SID: 2030488
Revision: 1
Class Type: attempted-admin
Metadata: affected_product IoT, attack_target Client_Endpoint, created_at 2020_07_09, deployment Perimeter, signature_severity Major, updated_at 2020_07_09
Reference:
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: [9530,9527,23]
Flow: established,to_server
Contents:
- Value: "|15 4f 70 65 6e 54 65 6c 6e 65 74 3a 4f 70 65 6e 4f 6e 63 65 00|"
Within:
PCRE:
Special Options: