alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Riello Netman 204 UPS SQL Injection Attempt (CVE-2024-8877)"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/cgi-bin/db_"; fast_pattern; startswith; pcre:"/^(?:eventlog|datalog|multimetr)/R"; content:"_w.cgi|3f|"; distance:0; content:"type|3d|"; distance:0; pcre:"/^[^\x26]*?(?:\x27|%27)/R"; reference:url,cyberdanube.com/security-research/multiple-vulnerabilities-in-riello-netman-204/; reference:cve,2024-8877; classtype:attempted-admin; sid:2058117; rev:1; metadata:affected_product Riello_UPS, attack_target Networking_Equipment, tls_state plaintext, created_at 2024_12_06, cve CVE_2024_8877, deployment Perimeter, deployment Internal, deployment Datacenter, performance_impact Low, confidence High, signature_severity Major, tag Exploit, updated_at 2024_12_06; target:dest_ip;)