SID 1:63811

Report a false positive

Rule Category

SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web based applications on servers.

Alert Message

SERVER-WEBAPP Zyxel NAS326 remote_help-cgi backdoor creation attempt

Rule Explanation

This rule looks for requests to an HTTP endpoint that create a backdoor on the Zyxel NAS326.

What To Look For

This rule fires on attempts to create a backdoor on the Zyxel NAS326.

Known Usage

Public information/Proof of Concept available

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

Rule Groups

No rule groups

CVE

CVE-2024-29972

Additional Links

www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024

Rule Vulnerability

Authentication Bypass

An Authentication Bypass occurs when there is a way to avoid providing user credentials to a system before performing restricted operations on said system.

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.

CVE-2024-29972

Loading description