ET EXPLOIT D-Link HNAP SOAPAction Command Injection (CVE-2015-2051, CVE-2019-10891, CVE-2022,37056, CVE-2024-33112, CVE-2025-11488, CVE-2025-63932)
Here you can find all the details about the rule "ET EXPLOIT D-Link HNAP SOAPAction Command Injection (CVE-2015-2051, CVE-2019-10891, CVE-2022,37056, CVE-2024-33112, CVE-2025-11488, CVE-2025-63932)". The "CVE-2022,37056" in the rule name is a typo for CVE-2022-37056, as the rule's own `reference:cve,2022-37056` keyword shows; search for the hyphenated form when looking up the CVE. Propose edits, view related rules, and engage with the community through comments.
Rule Content
{
"uuid": "574ea778-8795-478b-b47b-c6828857d953",
"Object": [
{
"name": "suricata",
"meta-category": "network",
"template_uuid": "3c177337-fb80-405a-a6c1-1b2ddea8684a",
"description": "An object describing one or more Suricata rule(s) along with version and contextual information.",
"template_version": "2",
"uuid": "09f6f0b0-4f7e-4171-80bd-669d8089540d",
"Attribute": [
{
"uuid": "706e076f-0470-40f4-842c-513e29eb58f9",
"object_relation": "suricata",
"value": "alert http any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:\"ET EXPLOIT D-Link HNAP SOAPAction Command Injection (CVE-2015-2051, CVE-2019-10891, CVE-2022,37056, CVE-2024-33112, CVE-2025-11488, CVE-2025-63932)\"; flow:established,to_server; http.uri; content:\"/hnap1/\"; nocase; http.header; content:\"soapaction|3a 20|\"; nocase; content:\"http|3a 2f 2f|purenetworks|2e|com|2f|hnap1|2f|getdevicesettings\"; within:60; fast_pattern; nocase; pcre:\"/^[^\\x26]*?(?:(?:\\x3b|%3[Bb])|(?:\\x0a|%0[Aa])|(?:\\x60|%60)|(?:\\x7c|%7[Cc])|(?:\\x24|%24))+/R\"; reference:url,www.exploit-db.com/exploits/37171; reference:cve,2015-2051; reference:cve,2019-10891; reference:cve,2022-37056; reference:cve,2024-33112; reference:cve,2025-11488; reference:cve,2025-63932; classtype:attempted-admin; sid:2034491; rev:7; metadata:affected_product D_Link, attack_target Networking_Equipment, tls_state plaintext, created_at 2021_11_17, cve CVE_2015_2051, deployment Perimeter, deployment Internal, performance_impact Low, confidence High, signature_severity Major, tag Exploit, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2025_12_05, mitre_tactic_id TA0008, mitre_tactic_name Lateral_Movement, mitre_technique_id T1210, mitre_technique_name Exploitation_Of_Remote_Services; target:dest_ip;)",
"type": "snort",
"disable_correlation": false,
"to_ids": true,
"category": "Network activity"
},
{
"uuid": "64108683-55ef-4523-b56e-d900bc4c34dd",
"object_relation": "suricata-rule-name",
"value": "ET EXPLOIT D-Link HNAP SOAPAction Command Injection (CVE-2015-2051, CVE-2019-10891, CVE-2022,37056, CVE-2024-33112, CVE-2025-11488, CVE-2025-63932)",
"type": "text",
"disable_correlation": false,
"to_ids": false,
"category": "Other"
},
{
"uuid": "ce06d3ef-3f5e-4522-9551-c44583831d0e",
"object_relation": "comment",
"value": "No description provided",
"type": "comment",
"disable_correlation": false,
"to_ids": false,
"category": "Other"
},
{
"uuid": "d686c1a0-0c3c-4e3c-be08-1f5077189a81",
"object_relation": "version",
"value": "7",
"type": "text",
"disable_correlation": false,
"to_ids": false,
"category": "Other"
},
{
"uuid": "006e8c00-87b2-4476-9321-8e34556657de",
"object_relation": "reference",
"value": "emerging-all.rules.zip by admin admin",
"type": "link",
"disable_correlation": false,
"to_ids": false,
"category": "External analysis"
}
],
"distribution": "5",
"sharing_group_id": "0"
}
]
}