TR-069: IoT before it was cool!
TR-069, the CPE WAN Management Protocol (CWMP), is the most widespread IoT management protocol. It was first released AVSystem and Axiros. If an attacker can discover", discovered by Check Point in 2014. It's a memory corruption vulnerability in some old versions of Allegro Software's commercial HTTP server called RomPager. ZyXEL embedded RomPager into ZyNOS, their proprietary operating system for embedded systems, as well as some Linux-based products. The supply chains for IoT devices are rather hard to follow, but it is most likely that ZyXEL (or its sister company MitraStar) works as an OEM/ODM for other vendors like TP-Link, Huawei, D-Link, ZTE, Edimax, etc. That explains why products from those vendors are susceptible to "Misfortune Cookie" too.
the CPE by doing a scan of the WAN IP from another host on the web. This can be achieved, for instance, by means of an Nmap port scan. The German publication heise online hosts a really useful "Port Examine" tool that checks whether TR-069, HTTP, UPnP and a couple of other services are exposed (regrettably in German only). This research was done by Stefan Viehböck on behalf of SEC Consult Vulnerability Lab.