alert http any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET EXPLOIT Possible TerraMaster TOS RCE Inbound (CVE-2020-28188 CVE-2020-35665)"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/makecvs.php?Event="; fast_pattern; pcre:"/(?:[\x60\x3b\x7c]|%60|%3b|%7c|%26|(?:\x3c\x3e\x24]|%3c|%3e|%24)(?:\x28|%28))/R"; http.uri.raw; content:"%20"; reference:url,research.checkpoint.com/2021/freakout-leveraging-newest-vulnerabilities-for-creating-a-botnet/; reference:cve,2020-28188; reference:cve,2020-35665; classtype:attempted-admin; sid:2031535; rev:3; metadata:attack_target Server, created_at 2021_01_21, cve CVE_2020_28188, deployment Perimeter, deployment Internal, performance_impact Low, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2021_11_18;)