""ET EXPLOIT NetGear R6700v3 upnpd Buffer Overflow Inbound (CVE-2022-27643)""

SID: 2035717

Revision: 2

Class Type: attempted-admin

Metadata: attack_target Networking_Equipment, created_at 2022_04_03, cve CVE_2022_27643, deployment Perimeter, deployment Internal, signature_severity Major, updated_at 2022_04_03

Reference:

  • cve

  • 2022-27643

Protocol: tcp

Source Network: any

Source Port: any

Destination Network: [$HOME_NET,$HTTP_SERVERS]

Destination Port: any

Flow: to_server,established

Contents:

  • Value: "POST"

  • Value: "SOAPAction|3a|"

  • Value: "urn:NETGEARROUTER:service:ParentalControl:1#Authenticate"

  • Value: ""

Within:

PCRE: "/[^<]{30,}<\/NewMACAddress>/Pi"

Special Options:

  • http_method

  • http_header

  • nocase

  • http_header

  • nocase

  • fast_pattern

  • http_client_body

  • nocase

source