Submitted By |
Date |
|
2016-12-03 01:49:23 |
SOAP attack against some routers. See https://isc.sans.edu/forums/diary/Port+7547+SOAP+Remote+Code+Execution+Attack+Against+DSL+Modems/21759/ |
Johannes |
2016-11-29 00:13:52 |
See article about Mirai variant exploiting this vulnerability: https://isc.sans.edu/forums/diary/Port+7547+SOAP+Remote+Code+Execution+Attack+Against+DSL+Modems/21759/1#38415 |
|
2016-11-29 00:12:00 |
The last 2 days, I've seen a tremendous increase of scans against 7547/tcp on 4 different and independent firewalls on 4 different ISPs. Those firewalls are strict and will quickly block offending IP addresses, so I can't say much about the persistence. But there are each day 200-400 hosts trying to connect to each of these firewalls each day now. |
|
2016-11-29 00:11:56 |
Just seen a huge spike in scans on 7547 against my networks, commencing at exactly 261400Z Nov 26. |
|
2016-11-29 00:11:51 |
Misfortune Cookie
CVE-2014-9222
"A serious vulnerability in an embedded Web server used by many router models from different manufacturers allows remote attackers to take control of affected devices over the Internet."
http://www.pcworld.com/article/2861232/vulnerability-in-embedded-web-server-exposes-millions-of-routers-to-hacking.html |