ET EXPLOIT Netgear R6260 Mini_httpd Buffer Overflow Attempt - Possible RCE (CVE-2021-34979)
Sourceet/open
Fileemerging-exploit.rules
CreatedMarch 14, 2022
UpdatedApril 25, 2024
Classificationtrojan-activity
alert http any any -> $HOME_NET any (msg:"ET EXPLOIT Netgear R6260 Mini_httpd Buffer Overflow Attempt - Possible RCE (CVE-2021-34979)"; flow:established,to_server ; http.request_header; header_lowercase; content:"soapaction|3a 20|"; startswith; content:"urn:NETGEAR-ROUTER:service:" ; within:30; fast_pattern; isdataat:131,relative ; pcre:"/^SOAPAction\x3a\x20\x22?urn\x3aNETGEAR-ROUTER\x3aservice\x3a.{128,}(?!:\d#)/" ; http.request_body; content:"|3c 3f|xml"; startswith; reference:url,nstarke.github.io/netgear/nday/2022/03/13/reverse-engineering-a-netgear-nday.html ; reference:cve,2021-34979 ; classtype:trojan-activity; sid:2035446; rev:2; metadata:attack_target Networking_Equipment, created_at 2022_03_14, cve CVE_2021_34979, deployment Perimeter, deployment Internal, confidence Medium, signature_severity Major, updated_at 2024_04_25;)
References
Metadata
attack targetNetworking_Equipment
created at2022_03_14
deploymentInternal
confidenceMedium
signature severityMajor
updated at2024_04_25
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!