Handler on Duty: Didier Stevens
Threat Level: green
Loading...
|
|
||||||||||||||||||||||||||||||||||
| URL |
|---|
| Port 7547 SOAP Remote Code Execution Attack Against DSL Modems |
| TR-069 NewNTPServer Exploits: What we know so far |
| Does it matter if iptables isn't running on my honeypot? |
| Submitted By | Date |
|---|---|
| Comment | |
| 2016-12-03 01:49:23 | |
| SOAP attack against some routers. See https://isc.sans.edu/forums/diary/Port+7547+SOAP+Remote+Code+Execution+Attack+Against+DSL+Modems/21759/ | |
| Johannes | 2016-11-29 00:13:52 |
| See article about Mirai variant exploiting this vulnerability: https://isc.sans.edu/forums/diary/Port+7547+SOAP+Remote+Code+Execution+Attack+Against+DSL+Modems/21759/1#38415 | |
| 2016-11-29 00:12:00 | |
| The last 2 days, I've seen a tremendous increase of scans against 7547/tcp on 4 different and independent firewalls on 4 different ISPs. Those firewalls are strict and will quickly block offending IP addresses, so I can't say much about the persistence. But there are each day 200-400 hosts trying to connect to each of these firewalls each day now. | |
| 2016-11-29 00:11:56 | |
| Just seen a huge spike in scans on 7547 against my networks, commencing at exactly 261400Z Nov 26. | |
| 2016-11-29 00:11:51 | |
| Misfortune Cookie CVE-2014-9222 "A serious vulnerability in an embedded Web server used by many router models from different manufacturers allows remote attackers to take control of affected devices over the Internet." http://www.pcworld.com/article/2861232/vulnerability-in-embedded-web-server-exposes-millions-of-routers-to-hacking.html | |
| CVE # | Description |
|---|
© 2024 SANS™ Internet Storm Center
Developers: We have an API for you! 