alert udp any any -> $HOME_NET 1900 (msg:"ET EXPLOIT DD-WRT UPNP Unauthenticated Buffer Overflow (CVE-2021-27137)"; content:"M-SEARCH|20|"; startswith; content:"|0d 0a|ST|3a|"; nocase; fast_pattern; content:"uuid|3a|"; distance:0; within:6; pcre:"/^[^\r\n]{128,}\r\n/R"; reference:url,ssd-disclosure.com/ssd-advisory-dd-wrt-upnp-buffer-overflow/; reference:cve,2021-27137; classtype:attempted-admin; sid:2032326; rev:1; metadata:attack_target Networking_Equipment, created_at 2021_03_25, cve CVE_2021_27137, deployment Perimeter, deployment Internal, performance_impact Low, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2021_03_25;)