ET EXPLOIT Possible ZyXEL P660HN-T v1 RCE (CVE-2017-18368)
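Here you can find all the details about the rule "ET EXPLOIT Possible ZyXEL P660HN-T v1 RCE (CVE-2017-18368)". The signature alerts on an established HTTP POST from $EXTERNAL_NET to $HOME_NET for /cgi-bin/ViewLog.asp whose request body starts with remote_submit_Flag=, then contains &remote_host=, and ends with &remoteSubmit=Save followed by CRLF CRLF. It is classed attempted-user with Medium confidence, so a match indicates an exploitation attempt and should be checked against the targeted device's model and firmware before it is treated as a compromise. Propose edits, view related rules, and engage with the community through comments.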
Rule Content
v 1.0
{
"uuid": "c7fe0d5a-e3c5-4f7e-b1e8-5f082c190129",
"Object": [
{
"name": "suricata",
"meta-category": "network",
"template_uuid": "3c177337-fb80-405a-a6c1-1b2ddea8684a",
"description": "An object describing one or more Suricata rule(s) along with version and contextual information.",
"template_version": "2",
"uuid": "35ab50f5-3895-4fd4-b77b-f2155fd2c5c1",
"Attribute": [
{
"uuid": "1acf4fce-7743-4fdb-8c0f-bd62db357e07",
"object_relation": "suricata",
"value": "alert http $EXTERNAL_NET any -> $HOME_NET any (msg:\"ET EXPLOIT Possible ZyXEL P660HN-T v1 RCE (CVE-2017-18368)\"; flow:established,to_server; http.method; content:\"POST\"; http.uri; content:\"/cgi-bin/ViewLog.asp\"; startswith; endswith; http.request_body; content:\"remote_submit_Flag=\"; startswith; content:\"&remote_host=\"; distance:0; content:\"&remoteSubmit=Save|0d 0a 0d 0a|\"; endswith; fast_pattern; reference:url,seclists.org/fulldisclosure/2017/Jan/40; reference:cve,2017-18368; reference:url,github.com/pedrib/PoC/blob/master/advisories/zyxel_trueonline.txt; classtype:attempted-user; sid:2027092; rev:6; metadata:attack_target IoT, created_at 2019_03_18, cve CVE_2017_18368, deployment Perimeter, performance_impact Low, confidence Medium, signature_severity Major, tag CISA_KEV, updated_at 2024_04_13;)",
"type": "snort",
"disable_correlation": false,
"to_ids": true,
"category": "Network activity"
},
{
"uuid": "6d81c30e-67da-4738-a226-8f23b3cd9ec7",
"object_relation": "suricata-rule-name",
"value": "ET EXPLOIT Possible ZyXEL P660HN-T v1 RCE (CVE-2017-18368)",
"type": "text",
"disable_correlation": false,
"to_ids": false,
"category": "Other"
},
{
"uuid": "050fedea-eb61-4e5f-bd0e-77f40cf53647",
"object_relation": "comment",
"value": "No description provided",
"type": "comment",
"disable_correlation": false,
"to_ids": false,
"category": "Other"
},
{
"uuid": "6eb960c8-1a83-4cf2-8d26-d96a28df81f0",
"object_relation": "version",
"value": "6",
"type": "text",
"disable_correlation": false,
"to_ids": false,
"category": "Other"
},
{
"uuid": "cfd1868d-20a7-4875-abb4-5a5c5dc22135",
"object_relation": "reference",
"value": "emerging-all.rules.zip by admin admin",
"type": "link",
"disable_correlation": false,
"to_ids": false,
"category": "External analysis"
}
],
"distribution": "5",
"sharing_group_id": "0"
}
]
}