ET EXPLOIT UPnP UUID Password Change Exploit Attempt Inbound - XR300 PoC Gadgets (CVE-2021-34991)

7.0.35.0SID: 2034493Rev: 3Enabled1 views
Sourceet/open
Fileemerging-exploit.rules
CreatedNovember 18, 2021
UpdatedApril 25, 2024
Classificationattempted-admin
alert http any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET EXPLOIT UPnP UUID Password Change Exploit Attempt Inbound - XR300 PoC Gadgets (CVE-2021-34991)"; flow:established,to_server; http.method; content:"SUBSCRIBE"; http.header_names; to_lowercase; content:"|0d 0a|uuid|0d 0a|"; fast_pattern; http.request_body; content:"|b7 05 00|"; content:"|e0 e7 02|"; distance:10; within:10; reference:url,kb.netgear.com/000064361/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Multiple-Products-PSV-2021-0168; reference:url,blog.grimm-co.com/2021/11/seamlessly-discovering-netgear.html; reference:cve,2021-34991; classtype:attempted-admin; sid:2034493; rev:3; metadata:attack_target Server, created_at 2021_11_18, cve CVE_2021_34991, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag Exploit, updated_at 2024_04_25, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application;)

Metadata

attack targetServer
created at2021_11_18
deploymentInternal
confidenceHigh
signature severityMajor
tagExploit
updated at2024_04_25
mitre tactic idTA0001
mitre tactic nameInitial_Access
mitre technique idT1190
mitre technique nameExploit_Public_Facing_Application

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!