"ET WEB_SPECIFIC_APPS Zyxel Authentication Bypass Attempt (CVE-2023-4473) - Information Leak via show_sysinfo"

SID: 2052326

Revision: 1

Class Type: attempted-admin

Metadata: affected_product Zyxel, attack_target Networking_Equipment, tls_state plaintext, created_at 2024_05_01, cve CVE_2023_4473, deployment Perimeter, deployment Internal, performance_impact Low, confidence High, signature_severity Major, updated_at 2024_05_01

Reference:

  • cve,2023-4473

Protocol: tcp

Source Network: any

Source Port: any

Destination Network: $HOME_NET

Destination Port: $HTTP_PORTS

Flow: established,to_server

Contents:

  • Value: "/cmd,/ck6fup6/system_main/show_sysinfo/" Depth: 39

Within:

PCRE: "/(?:favicon.ico|adv,\/cgi-bin\/weblogin.cgi|desktop,\/(?:file_download.cgi|cgi-bin\/dlnotify|login.html|res\/|css\/|utility\/flag\/js)|MyWeb\/|register_main\/setCookie|playzone,\/(?:mobile_login.html|mobile\/sencha\/|mobile\/images\/|images\/))/U"

Special Options:

  • http_uri
