The attack was resulted from \DEVICE\HARDDISKVOLUME4\WINDOWS\SYSTEM32\WININIT.EXE.
2. Then this attack happened a few seconds later:
An intrusion attempt by 178.72.75.118 was blocked
Category: Intrusion Prevention Web Attack: Realtek SDK RCE CVE-2014-8361
Attacker URL: http://76.196.0.54:49152/soap.cgi?service=WANIPConn1
The attack was resulted from \DEVICE\HARDDISKVOLUME4\WINDOWS\SYSTEM32\WININIT.EXE.
I am highly concerned and have some questions:
1. Is this related to the Zyxel Command Attacks? Are they trying a new strategy now? The IP looks different.
2. What caused these attacks to happen? How are so many people getting my IP address?
3. What new vulnerability are they trying to exploit and what else can I do to minimize these attacks? (besides contacting my ISP or changing my devices)
Does your modem/router/gateway receive security updates?
Vulnerability Details : CVE-2014-8361
The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.
This IP address has been reported a total of 281 times from 29 distinct sources. 178.72.75.118 was first reported on February 24th 2021, and the most recent report was 3 months ago.
Old Reports: The most recent abuse report for this IP address is from 3 months ago. It is possible that this IP is no longer involved in abusive activities.
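An added example, not part of the original thread and not vendor code: the CVE description quoted above names a crafted NewInternalClient request as the vector, so a defender-side check on captured UPnP SOAP bodies can accept that argument only when it is a plain IPv4 address on the local LAN. The LAN range, the function names and the sample requests are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumed LAN range for this sketch; set it to the network the gateway serves.
LAN = ipaddress.ip_network("192.168.1.0/24")

# A regex is used instead of an XML parser so that a body that is not
# well-formed XML is still inspected rather than skipped.
_FIELD = re.compile(r"<NewInternalClient>(.*?)</NewInternalClient>", re.I | re.S)


def internal_client_verdict(soap_body, lan=LAN):
    """Return 'absent', 'ok' or 'reject' for the NewInternalClient argument."""
    match = _FIELD.search(soap_body)
    if match is None:
        return "absent"
    try:
        # IPv4Address() refuses whitespace, trailing text and hostnames.
        addr = ipaddress.IPv4Address(match.group(1))
    except ValueError:
        return "reject"
    return "ok" if addr in lan else "reject"


def triage(requests, lan=LAN):
    """Return (source_ip, verdict) for each request whose argument is rejected."""
    flagged = []
    for source_ip, body in requests:
        verdict = internal_client_verdict(body, lan)
        if verdict == "reject":
            flagged.append((source_ip, verdict))
    return flagged


def _body(client):
    # Constructed AddPortMapping fragment; only the field under test varies.
    return ('<u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
            f"<NewExternalPort>8080</NewExternalPort>"
            f"<NewInternalClient>{client}</NewInternalClient></u:AddPortMapping>")


# Constructed sample requests as (source IP, SOAP body); not taken from the thread.
SAMPLES = [
    ("192.168.1.20", _body("192.168.1.20")),                  # normal LAN mapping
    ("203.0.113.7", _body("192.168.1.20 UNEXPECTED-TEXT")),   # extra text after the IP
    ("203.0.113.9", _body("8.8.8.8")),                        # address outside the LAN
    ("192.168.1.21", "<u:GetExternalIPAddress/>"),            # no such argument
]

if __name__ == "__main__":
    for source_ip, verdict in triage(SAMPLES):
        print(source_ip, verdict)
```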