Home/Network IDS rules
IDS / IPS

Network IDS rules

129 rules · linked to T1210 · Snort / Suricata signatures
Network intrusion-detection signatures from open rulesets (ET Open, Snort Community, abuse.ch). These match malicious traffic patterns on the wire. Expand a rule to view its source link.

Rules

50 shown of 129
et-open attempted-user
ET EXPLOIT Ruckus vRIoT Command Injection Attempt Inbound (CVE-2020-26878)
sid 2031114 format suricata
et-open attempted-admin
ET WEB_SPECIFIC_APPS Nette Command Injection Attempt Inbound (CVE-2020-15227)
sid 2031222 format suricata
et-open attempted-admin
ET EXPLOIT Trend Micro IWSVA Unauthenticated Command Injection Inbound (CVE-2020-8466)
sid 2032533 format suricata
et-open attempted-admin
ET EXPLOIT Klog Server Command Injection Inbound (CVE-2021-3317)
sid 2032638 format suricata
et-open attempted-admin
ET EXPLOIT Cisco RV320/RV325 Command Injection Attempt Inbound (CVE-2019-1652)
sid 2033088 format suricata
et-open attempted-user
ET EXPLOIT Unknown Command Injection Attempt Inbound (Possible Mirai Activity)
sid 2033272 format suricata
et-open attempted-admin
ET EXPLOIT UDP Technology Firmware (IP Cam) - certmngr.cgi RCE via Command Injection Attempt Outbound (CVE-2021-33544)
sid 2033294 format suricata
et-open attempted-admin
ET EXPLOIT UDP Technology Firmware (IP Cam) - certmngr.cgi RCE via Command Injection Attempt Inbound (CVE-2021-33544)
sid 2033295 format suricata
et-open attempted-admin
ET EXPLOIT UDP Technology Firmware (IP Cam) - factory.cgi RCE via Command Injection Attempt Outbound (CVE-2021-33544)
sid 2033296 format suricata
et-open attempted-admin
ET EXPLOIT UDP Technology Firmware (IP Cam) - factory.cgi RCE via Command Injection Attempt Inbound (CVE-2021-33544)
sid 2033297 format suricata
et-open attempted-admin
ET EXPLOIT UDP Technology Firmware (IP Cam) - language.cgi RCE via Command Injection Attempt Outbound (CVE-2021-33544)
sid 2033298 format suricata
et-open attempted-admin
ET EXPLOIT UDP Technology Firmware (IP Cam) - language.cgi RCE via Command Injection Attempt Inbound (CVE-2021-33544)
sid 2033299 format suricata
et-open attempted-admin
ET EXPLOIT UDP Technology Firmware (IP Cam) - oem.cgi RCE via Command Injection Attempt Outbound (CVE-2021-33544)
sid 2033300 format suricata
et-open attempted-admin
ET EXPLOIT UDP Technology Firmware (IP Cam) - oem.cgi RCE via Command Injection Attempt Inbound (CVE-2021-33544)
sid 2033301 format suricata
et-open attempted-admin
ET EXPLOIT UDP Technology Firmware (IP Cam) - simple_reclistjs.cgi RCE via Command Injection Attempt Outbound (CVE-2021-33544)
sid 2033302 format suricata
et-open attempted-admin
ET EXPLOIT UDP Technology Firmware (IP Cam) - simple_reclistjs.cgi RCE via Command Injection Attempt Inbound (CVE-2021-33544)
sid 2033303 format suricata
et-open attempted-admin
ET EXPLOIT UDP Technology Firmware (IP Cam) - testcmd.cgi RCE via Command Injection Attempt Outbound (CVE-2021-33544)
sid 2033304 format suricata
et-open attempted-admin
ET EXPLOIT UDP Technology Firmware (IP Cam) - testcmd.cgi RCE via Command Injection Attempt Inbound (CVE-2021-33544)
sid 2033305 format suricata
et-open attempted-admin
ET EXPLOIT UDP Technology Firmware (IP Cam) - tmpapp.cgi RCE via Command Injection Attempt Outbound (CVE-2021-33544)
sid 2033306 format suricata
et-open attempted-admin
ET EXPLOIT UDP Technology Firmware (IP Cam) - tmpapp.cgi RCE via Command Injection Attempt Inbound (CVE-2021-33544)
sid 2033307 format suricata
et-open attempted-admin
ET WEB_SPECIFIC_APPS Apache Kylin REST API DiagnosisService Command Injection Inbound (CVE-2020-13925)
sid 2033404 format suricata
et-open attempted-admin
ET EXPLOIT Sunhillo SureLine Unauthenticated OS Command Injection Inbound (CVE-2021-36380)
sid 2033459 format suricata
et-open attempted-admin
ET WEB_SPECIFIC_APPS PHP-Fusion Downloads.php Command Injection (CVE-2020-24949)
sid 2033462 format suricata
et-open attempted-admin
ET EXPLOIT eMerge E3 Command Injection Inbound (CVE-2019-7256)
sid 2033757 format suricata
et-open attempted-admin
ET EXPLOIT Possible Mirai Infection Attempt via OS Command Injection Outbound (CVE-2021-32305)
sid 2033856 format suricata
et-open attempted-admin
ET EXPLOIT Possible Mirai Infection Attempt via OS Command Injection Inbound (CVE-2021-32305)
sid 2033857 format suricata
et-open attempted-admin
ET EXPLOIT Pulse Secure Post-Auth OS Command Injection (CVE-2019-11539)
sid 2034014 format suricata
et-open attempted-admin
ET EXPLOIT Cisco HyperFlex OS Command Injection M1 (CVE-2021-1497)
sid 2034043 format suricata
et-open attempted-admin
ET EXPLOIT Cisco HyperFlex OS Command Injection M2 (CVE-2021-1497)
sid 2034044 format suricata
et-open attempted-admin
ET EXPLOIT D-Link HNAP SOAPAction Command Injection (CVE-2015-2051, CVE-2019-10891, CVE-2022,37056, CVE-2024-33112, CVE-2025-11488, CVE-2025-63932)
sid 2034491 format suricata
et-open attempted-admin
ET EXPLOIT Qianxin Netcom NGFW Command Injection
sid 2034885 format suricata
et-open attempted-admin
ET EXPLOIT NodeJS System Information Library Command Injection Attempt (CVE-2021-21315)
sid 2034973 format suricata
et-open attempted-admin
ET EXPLOIT Totolink - Command Injection Attempt Inbound (CVE-2022-26210)
sid 2035744 format suricata
et-open attempted-admin
ET EXPLOIT Totolink - Command Injection Attempt Inbound (CVE-2022-26186)
sid 2035745 format suricata
et-open attempted-admin
ET EXPLOIT Totolink - Command Injection Attempt Inbound (CVE-2022-25075)
sid 2035746 format suricata
et-open attempted-admin
ET EXPLOIT D-Link DWR Command Injection Inbound (CVE-2018-10823)
sid 2035953 format suricata
et-open attempted-admin
ET EXPLOIT Telesquare SDT-CW3B1 1.1.0 - OS Command Injection (CVE-2021-46422)
sid 2036663 format suricata
et-open attempted-admin
ET EXPLOIT Zyxel NWA-1100-NH Command Injection Attempt (CVE-2021-4039)
sid 2036737 format suricata
et-open attempted-admin
ET EXPLOIT Possible Zavio IP Camera OS Command Injection Attempt Inbound (CVE-2013-2568)
sid 2038502 format suricata
et-open attempted-admin
ET EXPLOIT GL iNet MTN300n Command Injection Attempt Inbound (CVE-2022-31898)
sid 2039794 format suricata
et-open attempted-admin
ET EXPLOIT D-Link Related Command Injection Attempt Inbound (CVE-2013-7471)
sid 2039833 format suricata
et-open attempted-admin
ET EXPLOIT Razer Sila Router - Command Injection Attempt Inbound (wget) (No CVE)
sid 2044530 format suricata
et-open attempted-admin
ET EXPLOIT Razer Sila Router - Command Injection Attempt Inbound (curl) (No CVE)
sid 2044531 format suricata
et-open attempted-admin
ET EXPLOIT Razer Sila Router - Command Injection Attempt Inbound (find) (No CVE)
sid 2044532 format suricata
et-open attempted-admin
ET EXPLOIT Razer Sila Router - Command Injection Attempt Inbound (sh) (No CVE)
sid 2044533 format suricata
et-open attempted-admin
ET EXPLOIT TP-Link Archer AX21 Unauthenticated Command Injection Inbound (CVE-2023-1389)
sid 2044585 format suricata
et-open attempted-admin
ET WEB_SPECIFIC_APPS Altenergy Power Control Software Command Injection Attempt (CVE-2022-25237)
sid 2044825 format suricata
et-open attempted-admin
ET EXPLOIT Possible Command Injection via User-Agent (PwnAgent) - CVE-2023-24749, CVE-2022-47208
sid 2045636 format suricata
et-open attempted-admin
ET WEB_SPECIFIC_APPS Chamilo CMS wsConvertPpt Command Injection Attempt (CVE-2023-34960)
sid 2047056 format suricata
et-open attempted-admin
ET WEB_SPECIFIC_APPS Mailtrail v0.53 Command Injection Attempt
sid 2047673 format suricata
Showing 51-100 of 129
Prev 2 Next
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin