Rule History

alert http $EXTERNAL_NET any -> [$HTTP_SERVERS,$HOME_NET] any (msg:"ET EXPLOIT Xiongmai/HiSilicon DVR - Request for Product Details Possible CVE-2017-7577 Exploit Attempt"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"mnt/custom/ProductDefinition"; nocase; endswith; fast_pattern; reference:cve,2017-7577; reference:url,vulncheck.com/blog/xiongmai-iot-exploitation; reference:url,github.com/tothi/pwn-hisilicon-dvr/blob/master/pwn_hisilicon_dvr.py; classtype:web-application-attack; sid:2041450; rev:1; metadata:attack_target IoT, created_at 2022_12_01, cve CVE_2017_7577, deployment Perimeter, performance_impact Low, confidence Medium, signature_severity Minor, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_12_01;)