Rule Category

SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web based applications on servers.

Alert Message

SERVER-WEBAPP Dahua DVR email configuration download attempt

Rule Explanation

This event is generated when a Dahua DVR, or potentially another DVR leveraging the same binary protocol, is being sent a request to download the email configuration. At this time, requests sent over this protocol are unauthenticated. Impact: Attempted Information Leak Details: An attacker sends a command to the vulnerable DVR and since the request is unauthenticated, the DVR executes the request. In this case the request is to download the email configuration. This configuration includes SMTP server and plaintext credentials. The rule looks for the following: 0xA3000000 -> Command dword 0x00000000 -> Null dword config -> Configuration request 0x00000B00 -> Specifier for which config (denotes email) Ease of Attack: Simple and publicly available.

What To Look For

No information provided

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

Rule Groups

No rule groups

CVE

Rule Vulnerability

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.
CVE-2013-3615
Loading description
CVE-2013-6117
Loading description