https://nicoleman0.github.io/blog-site/tags/iot/Recent content in Iot on Corvus BlogHugoen-usWed, 28 Jan 2026 00:00:00 +0000https://nicoleman0.github.io/blog-site/posts/iot_exploit_blog_post/Wed, 28 Jan 2026 00:00:00 +0000https://nicoleman0.github.io/blog-site/posts/iot_exploit_blog_post/<h2 id="attack-summary">Attack Summary</h2> <p>On January 28, 2026 at 21:01:11 UTC, IP address 60[.]19[.]220[.]0 attempted to exploit my ICS honeypot with CVE-2017-17215, a remote code execution vulnerability in Huawei HG532 routers. The attack targeted <code>/boaform/admin/formLogin</code> with default credentials (<code>username=user&amp;psd=user</code>) via HTTP/1.0.</p> <p>The IP has two recent reports on AbuseIPDB, indicating active malicious scanning.</p> <h2 id="cve-2017-17215">CVE-2017-17215</h2> <p>CVE-2017-17215 is a remote code execution flaw in Huawei HG532 home gateways discovered in November 2017. The vulnerability exists in the router&rsquo;s UPnP implementation, where the TR-064 protocol (designed for local network configuration) was exposed to the WAN through port 37215<sup id="fnref:1"><a href="#fn:1" class="footnote-ref" role="doc-noteref">1</a></sup>.</p>