Versions (2)
Version DetailsCurrent
Rev: 5 • Nov 28, 2016, 12:00 PMET EXPLOIT Eir D1000 Modem CWMP Exploit Retrieving Wifi Key
alert http any any -> any [5555,7547] (msg:"ET EXPLOIT Eir D1000 Modem CWMP Exploit Retrieving Wifi Key"; flow:to_server,established; http.header; content:"urn|3a|dslforum-org|3a|service|3a|Time|3a|1#SetNTPServers"; nocase; fast_pattern; http.request_body; content:"|3c 75 3a 47 65 74 53 65 63 75 72 69 74 79 4b 65 79 73|"; reference:url,devicereversing.wordpress.com/2016/11/07/eirs-d1000-modem-is-wide-open-to-being-hacked/; reference:md5,a19d5b596992407796a33c5e15489934; classtype:trojan-activity; sid:2023549; rev:5; metadata:affected_product Eir_D1000_Modem, attack_target Networking_Equipment, created_at 2016_11_28, deployment Perimeter, performance_impact Low, confidence High, signature_severity Major, updated_at 2020_10_07;)
Nov 28, 2016, 12:00 PM
Oct 7, 2020, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-exploit.rules