Versions (7)
Version DetailsCurrent
Rev: 2 • Jul 24, 2025, 5:44 PMATTACK [PTsecurity] Raisecom GPON RCE via command injection (CVE-2019-7384)
alert http any any -> any any (msg: "ATTACK [PTsecurity] Raisecom GPON RCE via command injection (CVE-2019-7384)"; flow: established, to_server; content: "POST"; http_method; content: "/boaform/admin/formgponConf"; http_uri; content: "fmgpon_loid"; http_client_body; pcre: "/fmgpon_loid\s*=\s*(\x7c|%7c)/Pi"; reference: cve, 2019-7384; reference: url, s3curityb3ast.github.io/KSA-Dev-005.md; reference: url, rules.ptsecurity.com; classtype: attempted-admin; sid: 10004527; rev: 2;)
Jul 24, 2025, 5:44 PM
Jul 24, 2025, 5:44 PM
Oct 16, 2025, 10:34 AM
Oct 16, 2025, 10:34 AM
rules/ptopen-attacks.rules