alert http any any -> $HOME_NET any (msg:"ET EXPLOIT Ruckus Wireless Admin Remote Code Execution Attempt (CVE 2023-25717)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/forms/doLogin?login_username="; startswith; fast_pattern; content:"&password="; distance:0; content:"|24 28|"; distance:0; content:"|29|"; endswith; reference:cve,2023-25717; classtype:attempted-admin; sid:2045783; rev:1; metadata:affected_product Router, attack_target Networking_Equipment, created_at 2023_05_19, cve CVE_2023_25717, deployment Perimeter, deployment SSLDecrypt, performance_impact Low, confidence High, signature_severity Major, updated_at 2023_05_19, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)