SERVER-WEBAPP Tenda W302R iwpriv remote code execution attempt

This alert triggers on traffic that matches an attempt to exploit a remote code execution vulnerability in the Tenda W302R wireless router. The vulnerability allows an attacker to gain access and subsequently execute commands with elevated privileges on the affected device.

ID Number

28290

Signature

alert udp $HOME_NET any -> $HOME_NET 7329 (msg:"SERVER-WEBAPP Tenda W302R iwpriv remote code execution attempt"; flow:to_server; content:"w302r_mfg|00|1"; fast_pattern:only; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service http; reference:url,www.medialinkproducts.com/wirelessRouter.php; classtype:attempted-admin; sid:28290; rev:4;)
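
The Python sketch below is an added example, not part of the original rule documentation. It decodes the rule's content pattern into raw bytes and applies the rule's protocol, destination port and $HOME_NET checks to constructed datagrams. The HOME_NET range, the function names and the sample payloads are assumptions made for illustration.

```python
import ipaddress

# Values copied from the signature on this page (sid 28290).
RULE_PROTO, RULE_DST_PORT = "udp", 7329
RULE_CONTENT = "w302r_mfg|00|1"
# Assumption: $HOME_NET is site-specific; an RFC 1918 range is used here.
HOME_NET = ipaddress.ip_network("192.168.0.0/16")


def decode_snort_content(pattern: str) -> bytes:
    """Turn a Snort content string into raw bytes.

    Text between pipes is space-separated hex, everything else is literal.
    Backslash escapes are not handled; this pattern has none.
    """
    parts = pattern.split("|")
    if len(parts) % 2 == 0:
        raise ValueError("unbalanced '|' in content pattern")
    out = bytearray()
    for i, part in enumerate(parts):
        out += bytes.fromhex(part) if i % 2 else part.encode("latin-1")
    return bytes(out)


NEEDLE = decode_snort_content(RULE_CONTENT)


def rule_matches(proto: str, src: str, dst: str, dport: int, payload: bytes) -> bool:
    """Apply the header and content checks; flow state is not modelled."""
    in_home = lambda ip: ipaddress.ip_address(ip) in HOME_NET
    return (proto == RULE_PROTO and dport == RULE_DST_PORT
            and in_home(src) and in_home(dst)
            and NEEDLE in payload)  # no offset/depth: match anywhere


# Constructed datagrams (not captured traffic); the tail is filler.
SAMPLES = [
    ("udp", "192.168.1.50", "192.168.1.1", 7329, b"w302r_mfg\x001<filler>"),
    ("udp", "192.168.1.50", "192.168.1.1", 7329, b"w302r_mfg1<filler>"),
    ("udp", "192.168.1.50", "192.168.1.1", 7330, b"w302r_mfg\x001<filler>"),
    ("tcp", "192.168.1.50", "192.168.1.1", 7329, b"w302r_mfg\x001<filler>"),
    ("udp", "203.0.113.9", "192.168.1.1", 7329, b"w302r_mfg\x001<filler>"),
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s[:4], "ALERT" if rule_matches(*s) else "no match")
```

Only the first sample alerts. The last one shows that, as written, the rule header ($HOME_NET to $HOME_NET) does not cover a datagram whose source lies outside HOME_NET.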

MITRE ATT&CK Technique

-

Severity

High

Recommendations/Investigative actions

Ensure that the Tenda W302R wireless router is up to date with the latest security patches to mitigate known vulnerabilities. Inspect logs to determine whether the attempted exploitation was successful, and look for signs of unauthorized access or further exploitation attempts.