alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT D-Link DCS-930L Remote Command Execution attempt"; flow:to_server,established; urilen:17; http.method; content:"POST"; nocase; http.uri; content:"/setSystemCommand"; nocase; http.request_body; content:"SystemCommand="; nocase; reference:url,www.exploit-db.com/exploits/39437/; classtype:web-application-attack; sid:2022518; rev:3; metadata:created_at 2016_02_13, confidence Medium, signature_severity Major, updated_at 2020_06_24;)