Versions (5)
Version DetailsCurrent
Rev: 2 • Mar 16, 2021, 12:00 PMET EXPLOIT ZTE Cable Modem RCE Attempt (CVE-2014-2321)
alert http any any -> any any (msg:"ET EXPLOIT ZTE Cable Modem RCE Attempt (CVE-2014-2321)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/web_shell_cmd.gch"; fast_pattern; http.request_body; content:"IF_ACTION=apply&IF_ERRORSTR=SUCC&"; startswith; reference:url,twitter.com/bad_packets/status/1235106406144937984; reference:cve,2014-2321; reference:url,github.com/stasinopoulos/ZTExploit/; classtype:attempted-user; sid:2032077; rev:2; metadata:affected_product Router, attack_target IoT, created_at 2021_03_16, cve CVE_2014_2321, deployment Perimeter, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2021_03_16;)
Mar 16, 2021, 12:00 PM
Mar 16, 2021, 12:00 PM
Sep 21, 2024, 3:00 AM
Sep 15, 2025, 9:36 PM
rules/emerging-exploit.rules