Versions (4)
Version DetailsCurrent
Rev: 2 • May 1, 2024, 12:00 PMET WEB_SPECIFIC_APPS Zyxel Authentication Bypass Attempt (CVE-2023-4473) - Information Leak via show_sysinfo
alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Zyxel Authentication Bypass Attempt (CVE-2023-4473) - Information Leak via show_sysinfo"; flow:established,to_server; http.uri; content:"/cmd,/ck6fup6/system_main/show_sysinfo/"; fast_pattern; startswith; pcre:"/(?:favicon.ico|adv,\/cgi-bin\/weblogin\.cgi|desktop,\/(?:file_download\.cgi|cgi-bin\/dlnotify|login\.html|res\/|css\/|utility\/flag\/js)|MyWeb\/|register_main\/setCookie|playzone,\/(?:mobile_login\.html|mobile\/sencha\/|mobile\/images\/|images\/))/R"; reference:url,bugprove.com/knowledge-hub/cve-2023-4473-and-cve-2023-4474-authentication-bypass-and-multiple-blind-os-command-injection-vulnerabilities-in-zyxel-s-nas-326-devices/; reference:cve,2023-4473; classtype:attempted-admin; sid:2052326; rev:2; metadata:affected_product Zyxel, created_at 2024_05_01, cve CVE_2023_4473, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_11_26, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)
May 1, 2024, 12:00 PM
Nov 26, 2024, 12:00 PM
Sep 21, 2024, 3:00 AM
Aug 13, 2025, 9:35 PM
rules/emerging-web_specific_apps.rules