ET EXPLOIT Netgear R6260 Mini_httpd Buffer Overflow Attempt - Possible RCE (CVE-2021-34979) - Suricata Rule 2035446 (et/open)

ET EXPLOIT Netgear R6260 Mini_httpd Buffer Overflow Attempt - Possible RCE (CVE-2021-34979)

SID: 2035446Rev: 11 viewsHistory

Sourceet/open

CreatedMarch 14, 2022

UpdatedMarch 14, 2022

Classificationtrojan-activity

alert http any any -> $HOME_NET any (msg:"ET EXPLOIT Netgear R6260 Mini_httpd Buffer Overflow Attempt - Possible RCE (CVE-2021-34979)"; flow:established,to_server; http.header; content:"SOAPAction|3a 20|"; content:"urn:NETGEAR-ROUTER:service:"; within:30; fast_pattern; content:!"|0d 0a|"; within:131; pcre:"/^SOAPAction\x3a\x20\x22?urn\x3aNETGEAR-ROUTER\x3aservice\x3a.{128,}(?!:\d#)/Hm"; http.request_body; content:"|3c 3f|xml"; startswith; reference:url,nstarke.github.io/netgear/nday/2022/03/13/reverse-engineering-a-netgear-nday.html; reference:cve,2021-34979; classtype:trojan-activity; sid:2035446; rev:1; metadata:attack_target Networking_Equipment, created_at 2022_03_14, cve CVE_2021_34979, deployment Perimeter, deployment Internal, confidence Medium, signature_severity Major, updated_at 2022_03_14;)

References

url	nstarke.github.io/netgear/nday/2022/03/13/reverse-engineering-a-netgear-nday.html
cve	2021-34979

Metadata

attack targetNetworking_Equipment

created at2022_03_14

cveCVE-2021-34979

deploymentInternal

confidenceMedium

signature severityMajor

updated at2022_03_14

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!