Rule History

SID: 2052820 • Source: et/open

Versions (3)

Version DetailsCurrent

Rev: 1 • May 22, 2024, 12:00 PM

Message:

ET EXPLOIT D-Link DIR-X4860 RCE Attempt Inbound

Rule:

alert http any any -> $HOME_NET any (msg:"ET EXPLOIT D-Link DIR-X4860 RCE Attempt Inbound"; flow:established,to_server; http.request_body; content:"<soap|3a|"; content:"<SetVirtualServer"; fast_pattern; content:"<LocalIPAddress>"; pcre:"/^[^<]+\x3b/R"; http.header_names; content:"|0d 0a|HNAP_AUTH|0d 0a|"; classtype:attempted-admin; sid:2052820; rev:1; metadata:affected_product D_Link, attack_target Networking_Equipment, created_at 2024_05_22, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, updated_at 2024_05_22;)

Created:

May 22, 2024, 12:00 PM

Updated:

May 22, 2024, 12:00 PM

DB Created:

Sep 21, 2024, 3:00 AM

DB Updated:

Sep 21, 2024, 3:00 AM

Filename:

rules/emerging-exploit.rules