Rule History

alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS ASUS RT-AC3200 Buffer Overflow in appGet.cgi (CVE-2018-14712)"; flow:established,to_server; http.uri; content:"/appGet.cgi"; startswith; content:"hook|3d|delete_sharedfolder"; fast_pattern; content:"pool|3d|"; pcre:"/^[^\x3d]{40,}/R"; reference:url,blog.securityevaluators.com/asus-routers-overflow-with-vulnerabilities-b111bc1c8eb8; reference:cve,2018-14712; classtype:web-application-attack; sid:2064923; rev:1; metadata:affected_product Asus, attack_target Networking_Equipment, created_at 2025_09_25, cve CVE_2018_14712, deployment Perimeter, deployment Internal, performance_impact Low, confidence High, signature_severity Major, tag Exploit, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2025_09_25, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)