
Sid 1-50751


SERVER-WEBAPP Seowonintech diagnostic.cgi command injection attempt


This event is generated when a remote command injection exploit attempt against a Seowonintech device is detected.


Command execution on the affected device

Detailed information

The rule looks for characters associated with a command injection attack in a vulnerable HTTP parameter.
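One way to approximate this check offline against captured HTTP requests, as an added example that is not the Snort rule's own logic or Talos code. The metacharacter set, the `/cgi-bin/` path and the parameter names are assumptions (the page does not give them), and the sample requests are constructed.

```python
import re
from urllib.parse import urlsplit, unquote_plus

TARGET = "diagnostic.cgi"  # script name taken from the rule title
# Assumption: a common shell metacharacter set; the rule's real content
# match is not published on this page.
SHELL_META = re.compile(r"[;|&`$()<>\n\r]")

def _pairs(encoded):
    """Split on '&' first, then URL-decode, so an encoded %26 or %3B stays inside its value."""
    for item in encoded.split("&"):
        if item:
            name, _, value = item.partition("=")
            yield unquote_plus(name), unquote_plus(value)

def suspicious_params(method, uri, body=""):
    """Return sorted names of parameters sent to diagnostic.cgi whose
    decoded value contains a shell metacharacter."""
    parts = urlsplit(uri)
    if parts.path.rsplit("/", 1)[-1].lower() != TARGET:
        return []  # request is for a different script
    pairs = list(_pairs(parts.query))
    if method.upper() == "POST":
        pairs += list(_pairs(body))  # form-encoded body is checked as well
    return sorted({name for name, value in pairs if SHELL_META.search(value)})

def scan(requests):
    """Return (index, flagged parameter names) for each request that would alert."""
    hits = []
    for i, (method, uri, body) in enumerate(requests):
        flagged = suspicious_params(method, uri, body)
        if flagged:
            hits.append((i, flagged))
    return hits

# Constructed sample requests; "action" and "host" are hypothetical parameter names.
SAMPLE_REQUESTS = [
    ("GET", "/cgi-bin/diagnostic.cgi?action=ping&host=192.0.2.10", ""),
    ("GET", "/cgi-bin/diagnostic.cgi?action=ping&host=192.0.2.10%3Bid", ""),
    ("POST", "/cgi-bin/diagnostic.cgi", "action=ping&host=192.0.2.10%60uname%60"),
    ("GET", "/index.cgi?q=a%3Bb", ""),
]

if __name__ == "__main__":
    for index, names in scan(SAMPLE_REQUESTS):
        print(f"request {index}: shell metacharacter in {', '.join(names)}")
```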

Affected systems

Ease of attack


False positives

None known

False negatives

None known

Corrective action

Ensure your Seowonintech devices are patched and running the latest stable firmware. If your Seowonintech devices are not patched and this rule alerts, immediately isolate and remediate the targeted device in accordance with your organization's incident response policy.


  • Cisco Talos Intelligence Group

Additional References

  • CVE-2016-10760