Rule History

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET EXPLOIT Attempted IDSVSE IP Camera RCE"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/ctrl.cgi?language=ie&sntpip="; startswith; content:"uname"; distance:0; content:"telnet"; distance:0; content:"&timezone="; content:"&timezone=13&setdaylight=0&timeformat=2&tstampformat=2"; reference:url,en.0day.today/exploit/27569; classtype:attempted-admin; sid:2034480; rev:2; metadata:attack_target Networking_Equipment, created_at 2021_11_17, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, updated_at 2024_05_22;)