CVE-2012-1922

Sep 24, 2021 ·

Detection of CVE-2012-1922 observed from our Honeypots

Sigma rule (View on GitHub)

 1title: CVE-2012-1922
 2status: experimental
 3description: Detection of CVE-2012-1922 observed from our Honeypots
 4references:
 5  - http://www.webapp-security.com/2012/03/sitecom-wlm-2501-multiple-csrf-vulnerabilities
 6  - https://www.exploit-db.com/exploits/18651
 7author: Loginsoft Research Unit
 8date: 2021/09/01
 9logsource:
10  product: Sitecom WLM-2501
11  category: Router
12detection:
13  selection:
14    c-uri: "/goform/formWsc"
15    cs-method: "POST"
16  keywords1:
17    - "submit-url=/wlwps.asp"
18    - "resetUnCfg=0"
19    - "setPIN=Start PIN"
20    - "configVxd=off"
21    - "resetRptUnCfg=0"
22    - "peerRptPin="
23  keywords2:
24    - "wget"
25    - "curl"
26  condition: selection and keywords1 and keywords2
27level: High

References

http://www.webapp-security.com/2012/03/sitecom-wlm-2501-multiple-csrf-vulnerabilities

Read More
OffSec’s Exploit Database Archive

Sitecom WLM-2501 - Multiple Cross-Site Request Forgery Vulnerabilities. CVE-80538CVE-2012-1922CVE-2012-1921 . webapps exploit for ASP platform

Read More

CVE-2012-1922

Sigma rule (View on GitHub)

References

http://www.webapp-security.com/2012/03/sitecom-wlm-2501-multiple-csrf-vulnerabilities

OffSec’s Exploit Database Archive