ET WEB_SPECIFIC_APPS D-Link DIR-605L/DIR-618 Multiple Authentication Bypass URI Endpoints (CVE-2025-2546 - CVE-2025-2553)
Sourceet/open
Fileemerging-web_specific_apps.rules
CreatedApril 16, 2025
UpdatedApril 16, 2025
Classificationweb-application-attack
alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS D-Link DIR-605L/DIR-618 Multiple Authentication Bypass URI Endpoints (CVE-2025-2546 - CVE-2025-2553)"; flow:established,to_server ; http.method; content:"POST"; http.uri; content:"/goform/form"; fast_pattern; startswith; pcre:"/^(?:AdvFirewall|AdvNetwork|SetDDNS|SetDomainFilter|SetPassword|SetPortTr|TcpipSetup|VirtualServ)/R" ; http.header_names; to_lowercase; content:!"|0d 0a|cookie|0d 0a|"; reference:cve,2025-2546 ; reference:cve,2025-2547 ; reference:cve,2025-2548 ; reference:cve,2025-2549 ; reference:cve,2025-2550 ; reference:cve,2025-2551 ; reference:cve,2025-2552 ; reference:cve,2025-2553 ; reference:url,lavender-bicycle-a5a.notion.site/CVE-1ab53a41781f804898a0effa45d0f15d ; classtype:web-application-attack; sid:2061621; rev:1; metadata:created_at 2025_04_16, cve CVE_2025_2546_CVE_2025_2553, signature_severity Unknown, updated_at 2025_04_16;)
References
Metadata
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!