ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution

SID: 2020899Rev: 51 viewsHistory

Sourceet/open

CreatedApril 13, 2015

UpdatedAugust 3, 2020

Classificationattempted-admin

alert http any any -> $HOME_NET any (msg:"ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution"; flow:established,to_server; http.method; content:"POST"; http.header; content:"SOAPAction|3a|"; content:"http|3a|//purenetworks.com/HNAP1/"; fast_pattern; pcre:"/^SOAPAction\x3a\s+?[^\r\n]*?http\x3a\/\/purenetworks\.com\/HNAP1\/([^\x2f]+?[\x2f])?[^\x2f]/mi"; reference:url,devttys0.com/2015/04/hacking-the-d-link-dir-890l/; reference:cve,2016-6563; classtype:attempted-admin; sid:2020899; rev:5; metadata:created_at 2015_04_13, cve CVE_2016_6563, confidence Medium, signature_severity Major, updated_at 2020_08_03;)

References

url	devttys0.com/2015/04/hacking-the-d-link-dir-890l/
cve	2016-6563

Metadata

created at2015_04_13

cveCVE-2016-6563

confidenceMedium

signature severityMajor

updated at2020_08_03

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!