Below is the log entry that I found:
According to the exploit published by exploit-db located here by requesting, through a GET request, the rom-0 file contains the admin username and password. Then in the following link are instructions how to decompress the file.
The following CVE's have been recorded for these vulnerabilities that have been identified:
Also applicable is http://www.exploit-db.com/exploits/33737
Here is an article by SC Magazine about 300,000 SOHO routers that were compromised due to this vulnerability: http://www.scmagazine.com/attackers-alter-dns-configurations-remotely-compromise-300k-routers/article/336792/
I am also interested in the IP Address that touched the honeypot looking for this vulnerability. IP Address is 220.127.116.11. Looking at ripe.net the following record is pulled:
When you search for this IP Address on http://www.virustotal.com nothing comes up about this IP Address.
However, as you search the web you find a history for this IP Address as shown below:
If you do a reverse DNS lookup no PTR records are identified.