Versions (6)
Version DetailsCurrent
Rev: 1 • Jul 24, 2025, 5:44 PMATTACK [PTsecurity] Raisecom GPON RCE via command injection (CVE-2019-7385)
alert http any any -> any any (msg: "ATTACK [PTsecurity] Raisecom GPON RCE via command injection (CVE-2019-7385)"; flow: established, to_server; content: "POST"; http_method; content: "/boaform/formPasswordSetup"; http_uri; content: "confpass"; http_client_body; pcre: "/(newpass|confpass)\s*=\s*\x60/P"; reference: cve, 2019-7385; reference: url, s3curityb3ast.github.io/KSA-Dev-006.md; reference: url, rules.ptsecurity.com; classtype: attempted-admin; sid: 10004526; rev: 1;)
Jul 24, 2025, 5:44 PM
Jul 24, 2025, 5:44 PM
Oct 16, 2025, 10:34 AM
Oct 16, 2025, 10:34 AM
rules/ptopen-attacks.rules