alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Possible Linksys E1500/E2500 apply.cgi RCE Attempt"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/apply.cgi"; depth:10; http.request_body; content:"submit_button="; depth:14; content:"&submit_type=start_ping"; distance:0; fast_pattern; content:"&ping_size="; distance:0; content:"|3b|"; within:30; reference:url,www.exploit-db.com/exploits/24936; classtype:attempted-user; sid:2027099; rev:3; metadata:attack_target IoT, created_at 2019_03_19, deployment Perimeter, performance_impact Low, confidence Medium, signature_severity Major, updated_at 2020_11_18;)