""ET EXPLOIT DCN DCBI-Netlog-LAB Remote Code Execution Vulnerability Attempt (CVE-2023-26802)""

SID: 2048549

Revision: 1

Class Type: attempted-admin

Metadata: attack_target IoT, created_at 2023_10_12, cve CVE_2023_26802, deployment Perimeter, performance_impact Low, confidence Medium, signature_severity Minor, updated_at 2023_10_12, reviewed_at 2023_10_12, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application

Reference:

  • cve

  • 2023-26802

Protocol: tcp

Source Network: $EXTERNAL_NET

Source Port: any

Destination Network: $HOME_NET

Destination Port: $HTTP_PORTS

Flow: established,to_server

Contents:

  • Value: "GET"

  • Value: "/cgi-bin/network_config/nsg_masq.cgi?" Depth: 37

  • Value: "&proto="

Within:

PCRE: "/(?:(wget|curl))/R"

Special Options:

  • http_method

  • fast_pattern

  • http_uri

  • http_uri

source