CVE-2020-25506

calendar Jun 28, 2021  ยท
Share on: linkedin copy

Detection of CVE-2020-25506 observed from our Honeypots

Sigma rule (View on GitHub)

 1title: CVE-2020-25506
 2status: experimental
 3description: Detection of CVE-2020-25506 observed from our Honeypots
 4references:
 5  - https://gist.github.com/WinMin/6f63fd1ae95977e0e2d49bd4b5f00675
 6author: Loginsoft Research Unit
 7date: 2021/05/06
 8logsource:
 9  product: D-Link DNS-320 FW
10  category: Firmware
11detection:
12  selection:
13    c-uri: "/cgi-bin/system_mgr.cgi?"
14    cs-method: "POST"
15    c-uri-query: "C1=ON&cmd=cgi_ntp_time&f_ntp_server="
16  keywords:
17      - "wget"
18      - "curl"
19      - "/tmp"
20  condition: selection and keywords
21level: High

References

to-top