Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Port 7547 (tcp/udp) Attack Activity


Port Information
Protocol Service Name
tcp TR069 Router Remote Admin
Top IPs Scanning
Port diary mentions
URL
Port 7547 SOAP Remote Code Execution Attack Against DSL Modems
TR-069 NewNTPServer Exploits: What we know so far
User Comments
Submitted By Date
Comment
2016-12-03 01:49:23
SOAP attack against some routers. See https://isc.sans.edu/forums/diary/Port+7547+SOAP+Remote+Code+Execution+Attack+Against+DSL+Modems/21759/
Johannes 2016-11-29 00:13:52
See article about Mirai variant exploiting this vulnerability: https://isc.sans.edu/forums/diary/Port+7547+SOAP+Remote+Code+Execution+Attack+Against+DSL+Modems/21759/1#38415
2016-11-29 00:12:00
The last 2 days, I've seen a tremendous increase of scans against 7547/tcp on 4 different and independent firewalls on 4 different ISPs. Those firewalls are strict and will quickly block offending IP addresses, so I can't say much about the persistence. But there are each day 200-400 hosts trying to connect to each of these firewalls each day now.
2016-11-29 00:11:56
Just seen a huge spike in scans on 7547 against my networks, commencing at exactly 261400Z Nov 26.
2016-11-29 00:11:51
Misfortune Cookie CVE-2014-9222 "A serious vulnerability in an embedded Web server used by many router models from different manufacturers allows remote attackers to take control of affected devices over the Internet." http://www.pcworld.com/article/2861232/vulnerability-in-embedded-web-server-exposes-millions-of-routers-to-hacking.html