secubox-openwrt

History

CyberMind-FR a469076297 feat(waf): Add CVE-2025-14528 router botnet detection Add new router_botnet WAF category for IoT/router exploitation: CVE-2025-14528 (D-Link DIR-803 getcfg.php): - AUTHORIZED_GROUP parameter manipulation - SERVICES=DEVICE.ACCOUNT enumeration - Newline injection bypass (%0a, %0d) Additional router exploit patterns: - D-Link hedwig.cgi, HNAP, service.cgi RCE - UPnP SOAP injection - Goform command injection - ASUS/TP-Link/Netgear/Zyxel exploits Mirai-variant botnet scanner detection: - User-Agent signatures (Mirai, Hajime, Mozi, BotenaGo, etc.) - Router payload injection patterns Sources: CrowdSec Threat Intel, Global Security Mag Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-02-24 11:04:05 +01:00
..
mitmproxy-waf-sync	feat(waf): Add CVE-2025-14528 router botnet detection	2026-02-24 11:04:05 +01:00
mitmproxyctl	fix(mitmproxy): Sync routes to all instance data paths	2026-02-14 06:13:45 +01:00

CyberMind-FR a469076297 feat(waf): Add CVE-2025-14528 router botnet detection

Add new router_botnet WAF category for IoT/router exploitation:

CVE-2025-14528 (D-Link DIR-803 getcfg.php):
- AUTHORIZED_GROUP parameter manipulation
- SERVICES=DEVICE.ACCOUNT enumeration
- Newline injection bypass (%0a, %0d)

Additional router exploit patterns:
- D-Link hedwig.cgi, HNAP, service.cgi RCE
- UPnP SOAP injection
- Goform command injection
- ASUS/TP-Link/Netgear/Zyxel exploits

Mirai-variant botnet scanner detection:
- User-Agent signatures (Mirai, Hajime, Mozi, BotenaGo, etc.)
- Router payload injection patterns

Sources: CrowdSec Threat Intel, Global Security Mag

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-02-24 11:04:05 +01:00

mitmproxy-waf-sync

feat(waf): Add CVE-2025-14528 router botnet detection

2026-02-24 11:04:05 +01:00

mitmproxyctl

fix(mitmproxy): Sync routes to all instance data paths

2026-02-14 06:13:45 +01:00