ET EXPLOIT Possible ZyXEL P660HN-T v1 RCE (CVE-2017-18368)
Here you can find all the details about the rule "ET EXPLOIT Possible ZyXEL P660HN-T v1 RCE (CVE-2017-18368)". Propose edits, view related rules, and engage with the community through comments.
Rule Content
{
"id": 157391,
"format": "suricata",
"title": "ET EXPLOIT Possible ZyXEL P660HN-T v1 RCE (CVE-2017-18368)",
"license": "GPL-2.0",
"description": "No description provided",
"uuid": "964ff6c4-c57d-4da0-be21-0ec1c0d5f7fe",
"original_uuid": "2027092",
"source": "emerging-all.rules.zip by admin admin",
"author": "Unknown",
"creation_date": "2025-12-19 09:55",
"last_modif": "2025-12-19 09:55",
"vote_up": 0,
"vote_down": 0,
"user_id": 1,
"version": "6",
"to_string": "alert http $EXTERNAL_NET any -> $HOME_NET any (msg:\"ET EXPLOIT Possible ZyXEL P660HN-T v1 RCE (CVE-2017-18368)\"; flow:established,to_server; http.method; content:\"POST\"; http.uri; content:\"/cgi-bin/ViewLog.asp\"; startswith; endswith; http.request_body; content:\"remote_submit_Flag=\"; startswith; content:\"&remote_host=\"; distance:0; content:\"&remoteSubmit=Save|0d 0a 0d 0a|\"; endswith; fast_pattern; reference:url,seclists.org/fulldisclosure/2017/Jan/40; reference:cve,2017-18368; reference:url,github.com/pedrib/PoC/blob/master/advisories/zyxel_trueonline.txt; classtype:attempted-user; sid:2027092; rev:6; metadata:attack_target IoT, created_at 2019_03_18, cve CVE_2017_18368, deployment Perimeter, performance_impact Low, confidence Medium, signature_severity Major, tag CISA_KEV, updated_at 2024_04_13;)",
"is_favorited": false,
"cve_id": "{CVE-2017-18368}"
}
{
"uuid": "d69081b9-9df4-43fb-bb97-5d4de78e1cd0",
"Object": [
{
"name": "suricata",
"meta-category": "network",
"template_uuid": "3c177337-fb80-405a-a6c1-1b2ddea8684a",
"description": "An object describing one or more Suricata rule(s) along with version and contextual information.",
"template_version": "2",
"uuid": "30b8cb9b-c988-4596-a4d5-2973762aff29",
"Attribute": [
{
"uuid": "7c61b54a-b0b9-40e6-97dc-cbe908af8656",
"object_relation": "suricata",
"value": "alert http $EXTERNAL_NET any -> $HOME_NET any (msg:\"ET EXPLOIT Possible ZyXEL P660HN-T v1 RCE (CVE-2017-18368)\"; flow:established,to_server; http.method; content:\"POST\"; http.uri; content:\"/cgi-bin/ViewLog.asp\"; startswith; endswith; http.request_body; content:\"remote_submit_Flag=\"; startswith; content:\"&remote_host=\"; distance:0; content:\"&remoteSubmit=Save|0d 0a 0d 0a|\"; endswith; fast_pattern; reference:url,seclists.org/fulldisclosure/2017/Jan/40; reference:cve,2017-18368; reference:url,github.com/pedrib/PoC/blob/master/advisories/zyxel_trueonline.txt; classtype:attempted-user; sid:2027092; rev:6; metadata:attack_target IoT, created_at 2019_03_18, cve CVE_2017_18368, deployment Perimeter, performance_impact Low, confidence Medium, signature_severity Major, tag CISA_KEV, updated_at 2024_04_13;)",
"type": "snort",
"disable_correlation": false,
"to_ids": true,
"category": "Network activity"
},
{
"uuid": "c1990c4a-10cf-402e-be6e-09cda6b7a878",
"object_relation": "suricata-rule-name",
"value": "ET EXPLOIT Possible ZyXEL P660HN-T v1 RCE (CVE-2017-18368)",
"type": "text",
"disable_correlation": false,
"to_ids": false,
"category": "Other"
},
{
"uuid": "d3a0dfe7-7276-40d3-9bd0-a07d40ec6a59",
"object_relation": "comment",
"value": "No description provided",
"type": "comment",
"disable_correlation": false,
"to_ids": false,
"category": "Other"
},
{
"uuid": "5a2d00af-004f-4340-afe1-976f5711516d",
"object_relation": "version",
"value": "6",
"type": "text",
"disable_correlation": false,
"to_ids": false,
"category": "Other"
},
{
"uuid": "79613d86-a676-4b20-b91e-6cecdbf1545b",
"object_relation": "reference",
"value": "emerging-all.rules.zip by admin admin",
"type": "link",
"disable_correlation": false,
"to_ids": false,
"category": "External analysis"
}
],
"distribution": "5",
"sharing_group_id": "0"
}
]
}
Similar Rules
The similarity is calculated using the TF-IDF (Term Frequency - Inverse Document Frequency) vectorization of each rule's text, followed by computing the cosine similarity between vectors.
This method compares the textual content of the rules, giving higher weight to distinctive terms and lower weight to common terms. It is robust to small changes in wording.
Learn more on the official scikit-learn documentation: TF-IDF Vectorizer & Cosine Similarity