SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web based applications on servers.
SERVER-WEBAPP NETGEAR Nighthawk RAX30 router SOAP authentication bypass attempt
This rule looks for an attempt to overwrite the client IP address to "127.0.0.1" on the stack by overflowing the HTTP method, path, or protocol field.
This rule alerts on an attempt bypass SOAP API authentication using a buffer overflow.
Public information/Proof of Concept available
No known false positives
Cisco Talos Intelligence Group
Rule Categories::Server::Web Applications
MITRE::ATT&CK Framework::Enterprise::Initial Access::Exploit Public-Facing Application
No information provided