ET WEB_SPECIFIC_APPS DigiEver DS-2105 Pro time_tzsetup.cgi ntp Parameter Command Injection Attempt (CVE-2023-52163)
Here you can find all the details about the rule "ET WEB_SPECIFIC_APPS DigiEver DS-2105 Pro time_tzsetup.cgi ntp Parameter Command Injection Attempt (CVE-2023-52163)". Propose edits, view related rules, and engage with the community through comments.
[[ currentRule.title ]]
[[ currentRule.description ]]
Rule Content
v [[ currentRule.version ]][[ currentRule.to_string ]]{
"id": 178589,
"format": "suricata",
"title": "ET WEB_SPECIFIC_APPS DigiEver DS-2105 Pro time_tzsetup.cgi ntp Parameter Command Injection Attempt (CVE-2023-52163)",
"license": "GPL-2.0",
"description": "No description provided",
"uuid": "4a2ce0da-19c1-4ac2-8563-c3c1c67d6db6",
"original_uuid": "2062137",
"source": "emerging-all.rules.zip by admin admin",
"author": "Unknown",
"creation_date": "2025-12-19 10:21",
"last_modif": "2025-12-19 10:21",
"vote_up": 0,
"vote_down": 0,
"user_id": 1,
"version": "1",
"to_string": "alert http any any -> $HOME_NET any (msg:\"ET WEB_SPECIFIC_APPS DigiEver DS-2105 Pro time_tzsetup.cgi ntp Parameter Command Injection Attempt (CVE-2023-52163)\"; flow:established,to_server; http.method; content:\"POST\"; http.uri; bsize:21; content:\"/cgi-bin/cgi_main.cgi\"; http.request_body; content:\"cgiName|3d|time_tzsetup.cgi\"; fast_pattern; content:\"ntp|3d|\"; pcre:\"/^[^\\x26]*?(?:(?:\\x3b|%3[Bb])|(?:\\x0a|%0[Aa])|(?:\\x60|%60)|(?:\\x7c|%7[Cc])|(?:\\x24|%24))+/R\"; reference:cve,2023-52163; reference:url,www.akamai.com/blog/security-research/digiever-fix-that-iot-thing; classtype:attempted-admin; sid:2062137; rev:1; metadata:affected_product DigiEver, attack_target IoT, tls_state plaintext, created_at 2025_05_06, cve CVE_2023_52163, deployment Perimeter, deployment Internal, performance_impact Low, confidence High, signature_severity Major, tag Exploit, updated_at 2025_05_06, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)",
"is_favorited": false,
"cve_id": "{CVE-2023-52163}"
}{
"uuid": "6dcc2db9-d321-46b9-8aa3-e2185f3e652e",
"Object": [
{
"name": "suricata",
"meta-category": "network",
"template_uuid": "3c177337-fb80-405a-a6c1-1b2ddea8684a",
"description": "An object describing one or more Suricata rule(s) along with version and contextual information.",
"template_version": "2",
"uuid": "1d13dc4f-d136-4692-adf7-fff4efd2e292",
"Attribute": [
{
"uuid": "28f0734e-5dba-4ed8-9330-ac2badcb858c",
"object_relation": "suricata",
"value": "alert http any any -> $HOME_NET any (msg:\"ET WEB_SPECIFIC_APPS DigiEver DS-2105 Pro time_tzsetup.cgi ntp Parameter Command Injection Attempt (CVE-2023-52163)\"; flow:established,to_server; http.method; content:\"POST\"; http.uri; bsize:21; content:\"/cgi-bin/cgi_main.cgi\"; http.request_body; content:\"cgiName|3d|time_tzsetup.cgi\"; fast_pattern; content:\"ntp|3d|\"; pcre:\"/^[^\\x26]*?(?:(?:\\x3b|%3[Bb])|(?:\\x0a|%0[Aa])|(?:\\x60|%60)|(?:\\x7c|%7[Cc])|(?:\\x24|%24))+/R\"; reference:cve,2023-52163; reference:url,www.akamai.com/blog/security-research/digiever-fix-that-iot-thing; classtype:attempted-admin; sid:2062137; rev:1; metadata:affected_product DigiEver, attack_target IoT, tls_state plaintext, created_at 2025_05_06, cve CVE_2023_52163, deployment Perimeter, deployment Internal, performance_impact Low, confidence High, signature_severity Major, tag Exploit, updated_at 2025_05_06, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)",
"type": "snort",
"disable_correlation": false,
"to_ids": true,
"category": "Network activity"
},
{
"uuid": "da27d0b4-a47f-49cc-9d77-b06c66125489",
"object_relation": "suricata-rule-name",
"value": "ET WEB_SPECIFIC_APPS DigiEver DS-2105 Pro time_tzsetup.cgi ntp Parameter Command Injection Attempt (CVE-2023-52163)",
"type": "text",
"disable_correlation": false,
"to_ids": false,
"category": "Other"
},
{
"uuid": "79159234-d7f4-47a9-95ab-b08376b06482",
"object_relation": "comment",
"value": "No description provided",
"type": "comment",
"disable_correlation": false,
"to_ids": false,
"category": "Other"
},
{
"uuid": "bea4934d-04bf-45d9-a349-38f64083eb33",
"object_relation": "version",
"value": "1",
"type": "text",
"disable_correlation": false,
"to_ids": false,
"category": "Other"
},
{
"uuid": "92735791-3919-4269-9a6a-f117d77ac96b",
"object_relation": "reference",
"value": "emerging-all.rules.zip by admin admin",
"type": "link",
"disable_correlation": false,
"to_ids": false,
"category": "External analysis"
}
],
"distribution": "5",
"sharing_group_id": "0"
}
]
}Similar Rules
More RulesThe similarity is calculated using the TF-IDF (Term Frequency - Inverse Document Frequency) vectorization of each rule's text, followed by computing the cosine similarity between vectors.
This method compares the textual content of the rules, giving higher weight to distinctive terms and lower weight to common terms. It is robust to small changes in wording.
Learn more on the official scikit-learn documentation: TF-IDF Vectorizer & Cosine Similarity
[[ rule.title ]]
[[ rule.description ]]
Related Bundles
[[ bundleListRule.length ]] TotalNo bundles found for this rule.
Please log in to propose an edit.
No edit proposals found for this rule.
[[ comments_list.length ]] Comments
Join the conversation
Login to replyCommunity Discussion
No comments yet
Be the first to share your thoughts on this rule!