"ET WEB_SPECIFIC_APPS Zyxel Authentication Bypass Attempt (CVE-2023-4473)"
SID: 2052325
Revision: 1
Class Type: attempted-admin
Metadata: affected_product Zyxel, attack_target Networking_Equipment, tls_state plaintext, created_at 2024_05_01, cve CVE_2023_4473, deployment Perimeter, deployment Internal, performance_impact Low, confidence High, updated_at 2024_05_01
Reference:
- cve, 2023-4473
Protocol: tcp
Source Network: any
Source Port: any
Destination Network: $HOME_NET
Destination Port: $HTTP_PORTS
Flow: established,to_server
Contents:
- Value: "/cmd,/ck6fup6/" Depth: 14
Within:
PCRE: "/\/(?:favicon.ico|adv,\/cgi-bin\/weblogin.cgi|desktop,\/(?:file_download.cgi|cgi-bin\/dlnotify|login.html|res\/|css\/|utility\/flag\/js)|MyWeb\/|register_main\/setCookie|playzone,\/(?:mobile_login.html|mobile\/sencha\/|mobile\/images\/|images\/))/U"
Special Options:
- http_uri
- fast_pattern