alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Netgear DGN Remote Code Execution (CVE-2024-12847)"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd="; fast_pattern; startswith; content:"&curpath=/&currentsetting.htm=1"; endswith; http.header_names; content:!"Referer"; content:!"User-Agent"; reference:url,exploit-db.com/exploits/25978; reference:cve,2024-12847; classtype:attempted-admin; sid:2034576; rev:3; metadata:affected_product Netgear_Router, attack_target Networking_Equipment, created_at 2021_12_02, deployment Perimeter, confidence High, signature_severity Major, tag Exploit, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2021_12_03, reviewed_at 2024_06_26, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)