alert http any any -> $HOME_NET any (msg:"ET EXPLOIT NETGEAR WNR2000v5 hidden_lang_avi Stack Overflow (CVE-2016-10174)"; flow:to_server,established; http.uri; content:"/lang_check.html"; content:"timestamp="; http.request_body; content:"&hidden_lang_avi="; isdataat:36,relative; content:!"|00|"; within:36; content:!"|25|"; within:36; content:!"|26|"; within:36; classtype:attempted-admin; sid:2024121; rev:6; metadata:affected_product Netgear_Router, attack_target Client_Endpoint, created_at 2017_03_30, cve CVE_2016_10174, deployment Perimeter, performance_impact Low, confidence High, signature_severity Major, tag CISA_KEV, updated_at 2020_11_05; target:dest_ip;)