ET EXPLOIT COMTREND ADSL Router CT-5367 Remote DNS Change Attempt

SID: 2023467Rev: 40 views
Sourceet/open
CreatedOctober 31, 2016
UpdatedMarch 3, 2021
Classificationattempted-admin
alert http any any -> $HOME_NET any (msg:"ET EXPLOIT COMTREND ADSL Router CT-5367 Remote DNS Change Attempt"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/dnscfg.cgi?"; fast_pattern; nocase; content:"dnsPrimary="; content:"dnsRefresh="; nocase; reference:url,www.expku.com/remote/5853.html; classtype:attempted-admin; sid:2023467; rev:4; metadata:attack_target Client_Endpoint, created_at 2016_10_31, deployment Perimeter, signature_severity Major, updated_at 2021_03_03;)

References

urlwww.expku.com/remote/5853.html

Metadata

attack targetClient_Endpoint
created at2016_10_31
deploymentPerimeter
signature severityMajor
updated at2021_03_03

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!