1name: crowdsecurity/vpatch-CVE-2023-47218
2description: "QNAP QTS - RCE (CVE-2023-47218)"
3rules:
4  - and:
5      - zones:
6          - METHOD
7        match:
8          type: equals
9          value: POST
10      - zones:
11          - URI
12        transform:
13          - lowercase
14        match:
15          type: endsWith
16          value: /cgi-bin/quick/quick.cgi
17      - zones:
18          - ARGS
19        variables:
20          - func
21        transform:
22          - lowercase
23        match:
24          type: equals
25          value: "switch_os"
26      - zones:
27          - ARGS
28        variables:
29          - todo
30        transform:
31          - lowercase
32        match:
33          type: equals
34          value: "uploaf_firmware_image"
35labels:
36  type: exploit
37  service: http
38  confidence: 3
39  spoofable: 0
40  behavior: "http:exploit"
41  label: "QNAP QTS - RCE"
42  classification:
43    - cve.CVE-2023-47218
44    - attack.T1595
45    - attack.T1190
46    - cwe.CWE-78
47    - cwe.CWE-77
48