""ET EXPLOIT NetGear R6700v3 upnpd Buffer Overflow Inbound (CVE-2022-27643)""

SID: 2035717

Revision: 2

Class Type: attempted-admin

Metadata: attack_target Networking_Equipment, created_at 2022_04_03, cve CVE_2022_27643, deployment Perimeter, deployment Internal, signature_severity Major, updated_at 2022_04_03

Reference:

• cve

• 2022-27643

Protocol: tcp

Source Network: any

Source Port: any

Destination Network: [$HOME_NET,$HTTP_SERVERS]

Destination Port: any

Flow: to_server,established

Contents:

• Value: "POST"

• Value: "SOAPAction|3a|"

• Value: "urn:NETGEARROUTER:service:ParentalControl:1#Authenticate"

• Value: ""

Within:

PCRE: "/[^<]{30,}<\/NewMACAddress>/Pi"

Special Options:

• http_method

• http_header

• nocase

• http_header

• nocase

• fast_pattern

• http_client_body

• nocase

source