
SANS ISC: TCP/UDP Port 7547 Activity - SANS Internet Storm Center


Port Information
Protocol Service Name
tcp TR069 Router Remote Admin
User Comments
Submitted By Date
Comment
2016-12-03 01:49:23
SOAP attack against some routers. See https://isc.sans.edu/forums/diary/Port+7547+SOAP+Remote+Code+Execution+Attack+Against+DSL+Modems/21759/
Johannes 2016-11-29 00:13:52
See article about Mirai variant exploiting this vulnerability: https://isc.sans.edu/forums/diary/Port+7547+SOAP+Remote+Code+Execution+Attack+Against+DSL+Modems/21759/1#38415
2016-11-29 00:12:00
The last 2 days, I've seen a tremendous increase in scans against 7547/tcp on 4 different and independent firewalls on 4 different ISPs. Those firewalls are strict and will quickly block offending IP addresses, so I can't say much about the persistence. But there are 200-400 hosts trying to connect to each of these firewalls each day now.
2016-11-29 00:11:56
Just seen a huge spike in scans on 7547 against my networks, commencing at exactly 261400Z Nov 26.
2016-11-29 00:11:51
Misfortune Cookie CVE-2014-9222 "A serious vulnerability in an embedded Web server used by many router models from different manufacturers allows remote attackers to take control of affected devices over the Internet." http://www.pcworld.com/article/2861232/vulnerability-in-embedded-web-server-exposes-millions-of-routers-to-hacking.html