
SANS ISC: Port 7547 (tcp/udp) Attack Activity - SANS Internet Storm Center

Port Information
Protocol | Service | Name
tcp | TR069 | Router Remote Admin
Port diary mentions
Port 7547 SOAP Remote Code Execution Attack Against DSL Modems
TR-069 NewNTPServer Exploits: What we know so far
User Comments
Submitted By Date
2016-12-03 01:49:23
SOAP attack against some routers. See
Johannes 2016-11-29 00:13:52
See article about Mirai variant exploiting this vulnerability:
2016-11-29 00:12:00
The last 2 days, I've seen a tremendous increase of scans against 7547/tcp on 4 different and independent firewalls on 4 different ISPs. Those firewalls are strict and will quickly block offending IP addresses, so I can't say much about the persistence. But there are now 200-400 hosts trying to connect to each of these firewalls each day.
2016-11-29 00:11:56
Just seen a huge spike in scans on 7547 against my networks, commencing at exactly 261400Z Nov 26.
2016-11-29 00:11:51
Misfortune Cookie CVE-2014-9222 "A serious vulnerability in an embedded Web server used by many router models from different manufacturers allows remote attackers to take control of affected devices over the Internet."