""ET EXPLOIT [Rapid7] Zyxel ZTP setWanPortSt mtu Parameter Exploit Attempt (CVE-2022-30525)""
SID: 2036596
Revision: 2
Class Type: misc-attack
Metadata: attack_target Networking_Equipment, created_at 2022_05_16, cve CVE_2022_30525, deployment Perimeter, deployment SSLDecrypt, performance_impact Low, signature_severity Major, updated_at 2022_09_30
Reference:
Protocol: tcp
Source Network: any
Source Port: any
Destination Network: $HOME_NET
Destination Port: $HTTP_PORTS
Flow: established,to_server
Contents:
-
Value: "POST"
-
Value: "/ztp/cgi-bin/handler"
-
Value: "setWanPortSt"
-
Value: "mtu"
Within:
PCRE: "/^["']\s:\s["']\s*[^0-9]+/Ri"
Special Options:
-
http_method
-
fast_pattern
-
http_uri
-
http_client_body
-
http_client_body