TPG Community

Get online support

Archer VR1600V Open TCP Ports -- What's Normal?

Dadanny9944
Level 2

Hi Tech Support/Engineering Team,

 

I'm new to the forums and wanted to ask a technical question about what TCP ports should be open on the standard TP-Link Archer VR1600v AC1600 modem router.

 

I ran an nmap scan and it returned this:

 

 

PORT         STATE       SERVICE    VERSION
53/tcp         open          domain
80/tcp         open          http
1900/tcp     open          upnp            Portable SDK for UPnP devices 1.6.19 (Linux 3.4.11-rt19; UPnP 1.0)
2323/tcp    open          telnet          BusyBox telnetd 1.14.0 or later (TP-LINK ADSL2+ router telnetd)
7547/tcp     open          http              TP-LINK TR-069 remote access


I turned off uPnP on the modem via the admin page but port 1900 still appears 'open'.

 

I know from a previous post here in the forums that port 7547 is used for firmware updates and remote admin. The post is here:

 

https://community.tpg.com.au/t5/Modems-and-Devices/Archer-VR1600v-Router-Vulnerable-Firmware-Upgrade...

 


My questions are:

 

1. Should TCP port 2323 (BusyBox) be open? I tried to find the settings in the modem's admin page (http://192.168.1.1) to try to turn it off, but I can not find this setting. I do not use BusyBox and definately did not install it myself.

 

             Is TCP port 2323 malware?

 


2. Should TCP port 1900 still be open, even though I turned it off in the modem's settings?


Thank you!

1 REPLY 1
Shane
Moderator

Hi @Dadanny9944

 

Thanks for raising this ot us. I'd love to help and raise this to our Network Engineering Team, send me a Private Message with your account details (Username/Customer ID) together with the address on file,

 

How do I private message (PM) in the community

 

Regard,

 

 

 

 

Hi Tech Support/Engineering Team,

 

I'm new to the forums and wanted to ask a technical question about what TCP ports should be open on the standard TP-Link Archer VR1600v AC1600 modem router.

 

I ran an nmap scan and it returned this:

 

 

PORT         STATE       SERVICE    VERSION
53/tcp         open          domain
80/tcp         open          http
1900/tcp     open          upnp            Portable SDK for UPnP devices 1.6.19 (Linux 3.4.11-rt19; UPnP 1.0)
2323/tcp    open          telnet          BusyBox telnetd 1.14.0 or later (TP-LINK ADSL2+ router telnetd)
7547/tcp     open          http              TP-LINK TR-069 remote access


I turned off uPnP on the modem via the admin page but port 1900 still appears 'open'.

 

I know from a previous post here in the forums that port 7547 is used for firmware updates and remote admin. The post is here:

 

https://community.tpg.com.au/t5/Modems-and-Devices/Archer-VR1600v-Router-Vulnerable-Firmware-Upgrade...

 


My questions are:

 

1. Should TCP port 2323 (BusyBox) be open? I tried to find the settings in the modem's admin page (http://192.168.1.1) to try to turn it off, but I can not find this setting. I do not use BusyBox and definately did not install it myself.

 

             Is TCP port 2323 malware?

 


2. Should TCP port 1900 still be open, even though I turned it off in the modem's settings?


Thank you!