alert http any any -> $HOME_NET any (msg:"ET EXPLOIT Possible Cisco RV320 RCE Attempt (CVE-2019-1652)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/certificate_handle2.htm?type="; http.request_body; content:"page=self_generator.htm&totalRules="; depth:35; fast_pattern; content:"|25 32 37 25 32 34 25 32 38|"; distance:0; reference:url,seclists.org/fulldisclosure/2019/Jan/54; classtype:trojan-activity; sid:2026860; rev:2; metadata:attack_target Networking_Equipment, created_at 2019_01_29, cve CVE_2019_1652, deployment Perimeter, performance_impact Low, confidence Medium, signature_severity Major, tag CISA_KEV, updated_at 2020_08_27;)