alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT HiSilicon DVR - Buffer Overflow in Builtin Web Server"; flow:established,to_server; urilen:>200; http.start; content:"GET|20 01 10 8f e2 11 ff|"; depth:10; fast_pattern; content:"aaaaaaaa"; distance:0; reference:url,github.com/tothi/pwn-hisilicon-dvr/blob/master/pwn_hisilicon_dvr.py; classtype:attempted-admin; sid:2027972; rev:4; metadata:affected_product DVR, attack_target IoT, created_at 2019_09_09, deployment Perimeter, confidence High, signature_severity Major, updated_at 2020_09_03;)