ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016)

SID: 2030092Rev: 36 viewsHistory

Sourceet/open

CreatedMay 4, 2020

UpdatedApril 7, 2025

Classificationweb-application-attack

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS MVPower CCTV DVR /shell JAWS Webserver Unauthenticated Remote Command Execution (CVE-2016-20016)"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/shell|3f|"; fast_pattern; startswith; pcre:"/^.*?(?:[\x3b\x7c\x24\x60]|\x2d{1,2}\w+(?:\x20|\x2520))/R"; reference:url,www.pentestpartners.com/security-blog/pwning-cctv-cameras/; reference:cve,2016-20016; classtype:web-application-attack; sid:2030092; rev:3; metadata:affected_product Linux, attack_target Web_Server, created_at 2020_05_04, deployment Perimeter, former_category MALWARE, confidence Medium, signature_severity Major, updated_at 2025_04_07; target:dest_ip;)

References

url	www.pentestpartners.com/security-blog/pwning-cctv-cameras/
cve	2016-20016

Metadata

affected productLinux

attack targetWeb_Server

created at2020_05_04

deploymentPerimeter

former categoryMALWARE

confidenceMedium

signature severityMajor

updated at2025_04_07

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!