UK Scans Report May, 2024

UK scans by country

CountryNumber
Germany4291
Czechia4106
United States2488
China1700
India1068
UK373
Hong Kong326
Taiwan298
Ukraine292
Russia252

UK scans by port number

PortNumber
8022020
2312575
253224
80802010
211545
23231496
1101093

UK Scans by Day Of Week

UK Scans by Hour Of Day

The above data was collected by our 'honey-pot' servers that accept requests on popular port scans and online services by used by potential hackers and cyber criminals. On average our UK based listeners record 60,000 port scans per month. The data is for requests to UK based servers up to June 1, 2024
Report updated: June 1, 2024

UK Cyber Exploit Scans May, 2024

Below is a table of just some of the Http requests made by potential hackers to exploit web service vulnerabilities in the UK captured by Funnelweb.tech up to June 1, 2024. Funnelweb is our propriety UK based cyber security exploit listener and IP address capturing system.

ExploitExploit InformationCVE
TP-Link Archer AX21 (AX1800) firmware versions before 1TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. Specifically, the country parameter of the write operation was not sanitized before being used in a call to popen(), allowing an unauthenticated attacker to inject commands, which would be run as root, with a simple POST request.CVE-2023-1389
Util/PHP/eval-stdinUtil/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.CVE-2017-9841
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. This issue affects some unknown processing of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument user with the input messagebus leads to hard-coded credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259283. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.CVE-2024-3272
A path traversal vulnerability in the file upload functionality in tinyfilemanagerA path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote attackers (with valid user accounts) to upload malicious PHP files to the webroot, leading to code execution.CVE-2021-45010
A flaw was found in a change made to path normalization in Apache HTTP Server 2A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.CVE-2021-41773
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.CVE-2024-3273
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill ProviderImproper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider. Apache Airflow Drill Provider is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection with DrillHook giving an opportunity to read files on the Airflow server. This issue affects Apache Airflow Drill Provider: before 2.4.3. It is recommended to upgrade to a version that is not affected. CVE-2023-39553
In JetBrains TeamCity before 2023In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possibleCVE-2024-27198

Last updated: June 1, 2024

If it's a great idea but you need help to make it a demonstrable reality Web Loft can help.
Webloft has experience in rapid prototyping using modern industry standard components.

GET IN TOUCH

Web Loft has a wealth of experience working with a variety of technologies, languages and frameworks. Looking for something specific? Please check out the list below. If you don't see what you're looking for please get in touch and we can discuss how we can help.


Get in touch with us today. We're looking forward to working with you


Get in Touch