Versions (2)
Version Details: Current
Rev: 1 • Sep 25, 2025, 12:00 PM
ET WEB_SPECIFIC_APPS ASUS GT-AC2900 Authentication Bypass via Null Character in asus_token HTTP Cookie (CVE-2021-32030)
alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS ASUS GT-AC2900 Authentication Bypass via Null Character in asus_token HTTP Cookie (CVE-2021-32030)"; flow:established,to_server; http.uri; content:"/appGet.cgi|3f|"; startswith; content:"hook|3d|get_cfg_clientlist|28 29|"; fast_pattern; http.cookie; content:"asus_token|3d|"; pcre:"/^(?:\x00|\x2500|\x5c0)/R"; reference:url,www.atredis.com/blog/2021/4/30/asus-authentication-bypass; reference:cve,2021-32030; classtype:web-application-attack; sid:2064924; rev:1; metadata:affected_product Asus, created_at 2025_09_25, cve CVE_2021_32030, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2025_09_25, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)
Sep 25, 2025, 9:34 PM
Sep 26, 2025, 9:34 PM
rules/emerging-web_specific_apps.rules