Versions (2)
Version DetailsCurrent
Rev: 2 • Dec 3, 2019, 12:00 PMET EXPLOIT Observed Orange LiveBox Router Information Leakage Attempt (CVE-2018-20377)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Observed Orange LiveBox Router Information Leakage Attempt (CVE-2018-20377)"; flow:established,to_server; http.request_line; content:"GET|20|"; startswith; content:"/get_getnetworkconf.cgi|20|HTTP/1.1"; fast_pattern; endswith; http.header_names; content:!"Referer"; reference:url,badpackets.net/over-19000-orange-livebox-adsl-modems-are-leaking-their-wifi-credentials; reference:cve,2018-20377; classtype:trojan-activity; sid:2029091; rev:2; metadata:affected_product Router, attack_target Client_Endpoint, created_at 2019_12_03, cve CVE_2018_20377, deployment Perimeter, signature_severity Major, updated_at 2022_03_24, reviewed_at 2024_02_20;)
Dec 3, 2019, 12:00 PM
Mar 24, 2022, 12:00 PM
Dec 3, 2019, 12:00 PM
May 31, 2024, 9:00 PM
rules/emerging-exploit.rules