Sid 1-50752

Message

SERVER-WEBAPP Seowonintech system_config.cgi local file include attempt

Summary

This event is generated when a file information disclosure exploit attempt against a Seowonintech device is detected.

Impact

Sensitive information disclosed from the affected device.

Detailed information

This rule looks for directory traversal characters in a vulnerable HTTP parameter of system_config.cgi.

Affected systems

Ease of attack

Simple

False positives

None known

False negatives

None known

Corrective action

Ensure your Seowonintech devices are patched and running on the latest stable firmware. If your Seowonintech devices are not patched and this rule alerts, immediately isolate and remediate the targeted device in accordance with your organization's incident response policy.

Contributors

  • Cisco Talos Intelligence Group

Additional References

  • CVE-2016-10760
  • ethical-hacker.org/en/seowonintech-remote-root/