Handler on Duty: Johannes Ullrich
Threat Level: green
URL |
---|
Port 7547 SOAP Remote Code Execution Attack Against DSL Modems |
TR-069 NewNTPServer Exploits: What we know so far |
Does it matter if iptables isn't running on my honeypot? |
| Submitted By | Date | Comment |
|---|---|---|
| | 2016-12-03 01:49:23 | SOAP attack against some routers. See https://isc.sans.edu/forums/diary/Port+7547+SOAP+Remote+Code+Execution+Attack+Against+DSL+Modems/21759/ |
| Johannes | 2016-11-29 00:13:52 | See article about Mirai variant exploiting this vulnerability: https://isc.sans.edu/forums/diary/Port+7547+SOAP+Remote+Code+Execution+Attack+Against+DSL+Modems/21759/1#38415 |
| | 2016-11-29 00:12:00 | The last 2 days, I've seen a tremendous increase of scans against 7547/tcp on 4 different and independent firewalls on 4 different ISPs. Those firewalls are strict and will quickly block offending IP addresses, so I can't say much about the persistence. But each day there are now 200-400 hosts trying to connect to each of these firewalls. |
| | 2016-11-29 00:11:56 | Just seen a huge spike in scans on 7547 against my networks, commencing at exactly 261400Z Nov 26. |
| | 2016-11-29 00:11:51 | Misfortune Cookie CVE-2014-9222 "A serious vulnerability in an embedded Web server used by many router models from different manufacturers allows remote attackers to take control of affected devices over the Internet." http://www.pcworld.com/article/2861232/vulnerability-in-embedded-web-server-exposes-millions-of-routers-to-hacking.html |