ET EXPLOIT Shenzhen TVT DVR/NVR/IPC WebUI RCE ADD Attempt
Sourceet/open
Fileemerging-exploit.rules
CreatedApril 19, 2022
UpdatedMarch 26, 2024
Classificationattempted-admin
alert http any any -> $HOME_NET any (msg:"ET EXPLOIT Shenzhen TVT DVR/NVR/IPC WebUI RCE ADD Attempt"; flow:established,to_server ; http.method; content:"POST"; http.uri; bsize:22; content:"/editBlackAndWhiteList"; http.request_body; content:"clientType|3d 22|WEB|22 3e|"; content:"|3c|addressType|3e|ip|3c 2f|addressType|3e 3c|ip|3e|"; distance:0; fast_pattern; pcre:"/^(?:[\x60\x3b\x7c]|%60|%3b|%7c|%26|(?:[\x3c\x3e\x24]|%3c|%3e|%24)(?:\x28|%28))/R" ; reference:url,github.com/mcw0/PoC/blob/master/TVT_and_OEM_IPC_NVR_DVR_RCE_Backdoor_and_Information_Disclosure.txt ; classtype:attempted-admin; sid:2036253; rev:3; metadata:created_at 2022_04_19, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_26;)
References
Metadata
created at2022_04_19
confidenceHigh
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_03_26
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!