CVE-2019-10040

Jun 28, 2021 ·

Detection of CVE-2019-10040 observed from our Honeypots

Sigma rule (View on GitHub)

 1title: CVE-2019-10040
 2status: experimental
 3description: Detection of CVE-2019-10040 observed from our Honeypots
 4references:
 5  - https://github.com/PAGalaxyLab/VulInfo/blob/master/D-Link/DIR-816/remote_cmd_exec_0/README.md
 6author: Loginsoft Research Unit
 7date: 2021/05/06
 8logsource:
 9  product: D-Link DIR-816 A2
10  category: Router
11detection:
12  selection:
13    c-uri: "/goform/SystemCommand"
14    cs-method: "POST"
15    c-uri-query: "command="
16  keywords:
17      - "wget"
18      - "curl"
19      - "/tmp"
20  condition: selection and keywords
21level: High

References

VulInfo/D-Link/DIR-816/remote_cmd_exec_0/README.md at master · PAGalaxyLab/VulInfo

These are the vulnerabilities discovered by Galaxy Lab. - PAGalaxyLab/VulInfo

Read More

CVE-2019-10040

Sigma rule (View on GitHub)

References

VulInfo/D-Link/DIR-816/remote_cmd_exec_0/README.md at master · PAGalaxyLab/VulInfo