"ET EXPLOIT Netgear R6260 Mini_httpd Buffer Overflow Attempt - Possible RCE (CVE-2021-34979)"
SID: 2035446
Revision: 2
Class Type: trojan-activity
Metadata: attack_target Networking_Equipment, created_at 2022_03_14, cve CVE_2021_34979, deployment Perimeter, deployment Internal, signature_severity Major, updated_at 2022_03_14
Reference:
- cve
- 2021-34979
Protocol: tcp
Source Network: any
Source Port: any
Destination Network: $HOME_NET
Destination Port: $HTTP_PORTS
Flow: established,to_server
Contents:
- Value: "SOAPAction|3a 20|"
- Value: "urn:NETGEAR-ROUTER:service:"
- Value: !"|0d 0a|"
- Value: "|3c 3f|xml" Depth: 5
Within: 131
PCRE: "/^SOAPAction\x3a\x20\x22?urn\x3aNETGEAR-ROUTER\x3aservice\x3a.{128,}(?!:\d#)/Hm"
Special Options:
- http_header
- http_header
- fast_pattern
- http_header
- http_client_body