TPG Community

Get online support

Archer VR1600V Open TCP Ports -- What's Normal?

SOLVED Go to solution
Dadanny9944
Level 2

Hi Tech Support/Engineering Team,

 

I'm new to the forums and wanted to ask a technical question about what TCP ports should be open on the standard TP-Link Archer VR1600v AC1600 modem router.

 

I ran an nmap scan and it returned this:

 

 

PORT         STATE       SERVICE    VERSION
53/tcp         open          domain
80/tcp         open          http
1900/tcp     open          upnp            Portable SDK for UPnP devices 1.6.19 (Linux 3.4.11-rt19; UPnP 1.0)
2323/tcp    open          telnet          BusyBox telnetd 1.14.0 or later (TP-LINK ADSL2+ router telnetd)
7547/tcp     open          http              TP-LINK TR-069 remote access


I turned off uPnP on the modem via the admin page but port 1900 still appears 'open'.

 

I know from a previous post here in the forums that port 7547 is used for firmware updates and remote admin. The post is here:

 

https://community.tpg.com.au/t5/Modems-and-Devices/Archer-VR1600v-Router-Vulnerable-Firmware-Upgrade...

 


My questions are:

 

1. Should TCP port 2323 (BusyBox) be open? I tried to find the settings in the modem's admin page (http://192.168.1.1) to try to turn it off, but I can not find this setting. I do not use BusyBox and definately did not install it myself.

 

             Is TCP port 2323 malware?

 


2. Should TCP port 1900 still be open, even though I turned it off in the modem's settings?


Thank you!

1 ACCEPTED SOLUTION

Accepted Solutions
Anonymous
Not applicable

Hi @Dadanny9944,

We're able to confirm with our Network Engineering Team that the ports are filtered by default also we enable uPnP on the modem by default so any service that is running on the LAN can use the uPnP protocols to open the port on the WAN. Please note if a factory reset has been done on the modem the settings will go back to the default settings.

Regards,

 

 

 

Hi Tech Support/Engineering Team,

 

I'm new to the forums and wanted to ask a technical question about what TCP ports should be open on the standard TP-Link Archer VR1600v AC1600 modem router.

 

I ran an nmap scan and it returned this:

 

 

PORT         STATE       SERVICE    VERSION
53/tcp         open          domain
80/tcp         open          http
1900/tcp     open          upnp            Portable SDK for UPnP devices 1.6.19 (Linux 3.4.11-rt19; UPnP 1.0)
2323/tcp    open          telnet          BusyBox telnetd 1.14.0 or later (TP-LINK ADSL2+ router telnetd)
7547/tcp     open          http              TP-LINK TR-069 remote access


I turned off uPnP on the modem via the admin page but port 1900 still appears 'open'.

 

I know from a previous post here in the forums that port 7547 is used for firmware updates and remote admin. The post is here:

 

https://community.tpg.com.au/t5/Modems-and-Devices/Archer-VR1600v-Router-Vulnerable-Firmware-Upgrade...

 


My questions are:

 

1. Should TCP port 2323 (BusyBox) be open? I tried to find the settings in the modem's admin page (http://192.168.1.1) to try to turn it off, but I can not find this setting. I do not use BusyBox and definately did not install it myself.

 

             Is TCP port 2323 malware?

 


2. Should TCP port 1900 still be open, even though I turned it off in the modem's settings?


Thank you!

View solution in original post

4 REPLIES 4
Anonymous
Not applicable

Hi @Dadanny9944

 

Thanks for raising this ot us. I'd love to help and raise this to our Network Engineering Team, send me a Private Message with your account details (Username/Customer ID) together with the address on file,

 

How do I private message (PM) in the community

 

Regard,

 

 

 

 

Hi Tech Support/Engineering Team,

 

I'm new to the forums and wanted to ask a technical question about what TCP ports should be open on the standard TP-Link Archer VR1600v AC1600 modem router.

 

I ran an nmap scan and it returned this:

 

 

PORT         STATE       SERVICE    VERSION
53/tcp         open          domain
80/tcp         open          http
1900/tcp     open          upnp            Portable SDK for UPnP devices 1.6.19 (Linux 3.4.11-rt19; UPnP 1.0)
2323/tcp    open          telnet          BusyBox telnetd 1.14.0 or later (TP-LINK ADSL2+ router telnetd)
7547/tcp     open          http              TP-LINK TR-069 remote access


I turned off uPnP on the modem via the admin page but port 1900 still appears 'open'.

 

I know from a previous post here in the forums that port 7547 is used for firmware updates and remote admin. The post is here:

 

https://community.tpg.com.au/t5/Modems-and-Devices/Archer-VR1600v-Router-Vulnerable-Firmware-Upgrade...

 


My questions are:

 

1. Should TCP port 2323 (BusyBox) be open? I tried to find the settings in the modem's admin page (http://192.168.1.1) to try to turn it off, but I can not find this setting. I do not use BusyBox and definately did not install it myself.

 

             Is TCP port 2323 malware?

 


2. Should TCP port 1900 still be open, even though I turned it off in the modem's settings?


Thank you!

Anonymous
Not applicable

Hi @Dadanny9944,

We're able to confirm with our Network Engineering Team that the ports are filtered by default also we enable uPnP on the modem by default so any service that is running on the LAN can use the uPnP protocols to open the port on the WAN. Please note if a factory reset has been done on the modem the settings will go back to the default settings.

Regards,

 

 

 

Hi Tech Support/Engineering Team,

 

I'm new to the forums and wanted to ask a technical question about what TCP ports should be open on the standard TP-Link Archer VR1600v AC1600 modem router.

 

I ran an nmap scan and it returned this:

 

 

PORT         STATE       SERVICE    VERSION
53/tcp         open          domain
80/tcp         open          http
1900/tcp     open          upnp            Portable SDK for UPnP devices 1.6.19 (Linux 3.4.11-rt19; UPnP 1.0)
2323/tcp    open          telnet          BusyBox telnetd 1.14.0 or later (TP-LINK ADSL2+ router telnetd)
7547/tcp     open          http              TP-LINK TR-069 remote access


I turned off uPnP on the modem via the admin page but port 1900 still appears 'open'.

 

I know from a previous post here in the forums that port 7547 is used for firmware updates and remote admin. The post is here:

 

https://community.tpg.com.au/t5/Modems-and-Devices/Archer-VR1600v-Router-Vulnerable-Firmware-Upgrade...

 


My questions are:

 

1. Should TCP port 2323 (BusyBox) be open? I tried to find the settings in the modem's admin page (http://192.168.1.1) to try to turn it off, but I can not find this setting. I do not use BusyBox and definately did not install it myself.

 

             Is TCP port 2323 malware?

 


2. Should TCP port 1900 still be open, even though I turned it off in the modem's settings?


Thank you!

Dadanny9944
Level 2

Thanks @Anonymous! :-)

Anonymous
Not applicable

You're welcome! 

Thanks @Shane! :-)