Et rule 2034480 - Magic-SigExplorer

""ET EXPLOIT Attempted IDSVSE IP Camera RCE""

SID: 2034480

Revision: 2

Class Type: attempted-admin

Metadata: attack_target Networking_Equipment, created_at 2021_11_17, deployment Perimeter, deployment Internal, signature_severity Major, updated_at 2024_05_22

Reference:

Link

Protocol: tcp

Source Network: $HOME_NET

Source Port: any

Destination Network: $EXTERNAL_NET

Destination Port: $HTTP_PORTS

Flow: established,to_server

Contents:

Value: "GET"
Value: "/ctrl.cgi?language=ie&sntpip=" Depth: 29
Value: "uname"
Value: "telnet"
Value: "&timezone="
Value: "&timezone=13&setdaylight=0&timeformat=2&tstampformat=2"

Within:

PCRE:

Special Options:

http_method
http_uri
http_uri
http_uri
http_uri
http_uri

source