alert tcp any any -> $HOME_NET 6690 (msg:"ET EXPLOIT Synology Driver Server SQL Injection (CVE-2024-50631)"; flow:established,to_server; content:"|25 52 18 14 46 12 00 00 42|"; startswith; content:"|10 00 1a|sharing_link_customization|10 00|"; fast_pattern; pcre:"/^.{1,20}[\x27\x22\x3b\x2d\x5c\x2a\x2f]/R"; reference:url,github.com/kiddo-pwn/CVE-2024-50629_50631; reference:cve,2024-50631; classtype:bad-unknown; sid:2066335; rev:1; metadata:affected_product Synology, attack_target Server, created_at 2025_12_16, cve CVE_2024_50631, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag Exploit, updated_at 2025_12_16, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)