Rule History

SID: 2024121 • Source: et/open

Versions (5)

Version DetailsCurrent

Rev: 6 • Mar 30, 2017, 12:00 PM

Message:

ET EXPLOIT NETGEAR WNR2000v5 hidden_lang_avi Stack Overflow (CVE-2016-10174)

Rule:

alert http any any -> $HOME_NET any (msg:"ET EXPLOIT NETGEAR WNR2000v5 hidden_lang_avi Stack Overflow (CVE-2016-10174)"; flow:to_server,established; http.uri; content:"/lang_check.html"; content:"timestamp="; http.request_body; content:"&hidden_lang_avi="; isdataat:36,relative; content:!"|00|"; within:36; content:!"|25|"; within:36; content:!"|26|"; within:36; classtype:attempted-admin; sid:2024121; rev:6; metadata:affected_product Netgear_Router, attack_target Client_Endpoint, created_at 2017_03_30, cve CVE_2016_10174, deployment Perimeter, performance_impact Low, confidence High, signature_severity Major, tag CISA_KEV, updated_at 2020_11_05; target:dest_ip;)

Created:

Mar 30, 2017, 12:00 PM

Updated:

Nov 5, 2020, 12:00 PM

DB Created:

Sep 21, 2024, 3:00 AM

DB Updated:

May 30, 2025, 12:04 AM

Filename:

rules/emerging-exploit.rules