I was have the same issue today. The compromised port and were the vulnerability get into my router was API 8728. I got this because i'm checking dayly my routers, and the rules was placed 3 minutes before, and i got this in the log. the router that i have is a Lab router to catch this kind of issue...