ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE

SID: 2023548Rev: 70 views
History
Sourceet/open
CreatedNovember 28, 2016
UpdatedJuly 8, 2025
Classificationtrojan-activity
alert http any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET EXPLOIT Eir D1000 Modem CWMP Exploit RCE"; flow:to_server,established; http.header; content:"urn|3a|dslforum-org|3a|service|3a|Time|3a|1#SetNTPServers"; fast_pattern; http.request_body; content:"NewNTPServer"; content:">"; distance:0; within:5; pcre:"/^.{0,10}[\x3b\x0a\x26\x60\x7c\x24]/R"; reference:url,devicereversing.wordpress.com/2016/11/07/eirs-d1000-modem-is-wide-open-to-being-hacked/; reference:md5,a19d5b596992407796a33c5e15489934; classtype:trojan-activity; sid:2023548; rev:7; metadata:affected_product Eir_D1000_Modem, attack_target Networking_Equipment, created_at 2016_11_28, deployment Perimeter, confidence Medium, signature_severity Major, updated_at 2025_07_08;)

References

urldevicereversing.wordpress.com/2016/11/07/eirs-d1000-modem-is-wide-open-to-being-hacked/
md5
a19d5b596992407796a33c5e15489934
Google SearchBrave Search

Metadata

affected productEir_D1000_Modem
attack targetNetworking_Equipment
created at2016_11_28
deploymentPerimeter
confidenceMedium
signature severityMajor
updated at2025_07_08

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!