TPG Community

Archer VR1600V WARNING open ports Remote Malware Execution

District
Level 2

Hi, can someone please tell me if what you see below in the report provided by the Nmap scan is correct, because all our devices connected to the router have been acting strange lately (we cannot enter a website without the page giving us a warning "this page is insecure and you might have your passwords stolen from you"). I've reset the router numerous times and called TPG, but I'm still getting the same thing happening.

Nmap scans are showing a vulnerability in the router. I haven't set up any remote connection, nor have I played with any settings.

 

Nmap Scan Report - Scanned at Fri Dec 28 14:33:24 2018

Scan Summary

Nmap 7.12 was initiated at Fri Dec 28 14:33:24 2018 with these arguments:
./nmap -A -T5 -d --osscan_limit -oA /data/data/com.zimperium.zanti/files/logs/34:e8:94:2c:13:8e/192.168.1.1-OsDetection 192.168.1.1 

Verbosity: 1; Debug level 1

Nmap done at Fri Dec 28 14:35:50 2018; 1 IP address (1 host up) scanned in 150.84 seconds

192.168.1.1
Address
  • 192.168.1.1 (ipv4)
  • 34:E8:94:2C:13:8E (mac)
Ports

The 992 ports scanned but not shown below are in state: closed

  • 992 ports replied with: resets

Port | Protocol | State | Service | Reason | Product | Version | Extra info
21 | tcp | open | ftp | syn-ack | vsftpd | 2.0.8 or later |
    ssl-date
      ERROR: Unable to obtain data from the target
53 | tcp | open | domain | syn-ack | dnsmasq | 2.67 |
    dns-nsid
      id.server: nme-sot-dns1.tpgi.com.au
      bind.version: dnsmasq-2.67
80 | tcp | open | http | syn-ack | | |
    http-methods
      Supported Methods: GET POST
    http-title
      Site doesn't have a title (text/html; charset=utf-8).
139 | tcp | open | netbios-ssn | syn-ack | Samba smbd | 3.X | workgroup: WORKGROUP
445 | tcp | open | microsoft-ds | syn-ack | | |
1900 | tcp | open | upnp | syn-ack | Portable SDK for UPnP devices | 1.6.19 | Linux 3.4.11-rt19; UPnP 1.0
2323 | tcp | open | telnet | syn-ack | TP-LINK ADSL2+ router telnetd | |
8200 | tcp | open | upnp | syn-ack | MiniDLNA | 1.1.4 | Linux 2.6.35.6-45.fc14.i686; DLNADOC 1.50; UPnP 1.0

Remote Operating System Detection
  • Used port: 21/tcp (open)
  • Used port: 1/tcp (closed)
  • Used port: 31328/udp (closed)
  • OS match: Linux 2.6.32 - 3.13 (100%)
Host Script Output
Script Name | Output
nbstat 
NetBIOS name: ARCHER_VR1600V, NetBIOS user: <unknown>, NetBIOS MAC: <unknown> (unknown)
Names:
  ARCHER_VR1600V<00>   Flags: <unique><active>
  ARCHER_VR1600V<03>   Flags: <unique><active>
  ARCHER_VR1600V<20>   Flags: <unique><active>
  \x01\x02__MSBROWSE__\x02<01>  Flags: <group><active>
  WORKGROUP<1d>        Flags: <unique><active>
  WORKGROUP<1e>        Flags: <group><active>
  WORKGROUP<00>        Flags: <group><active> 
smb-os-discovery 
  OS: Unix (Samba 3.6.25)
  NetBIOS computer name: 
  Workgroup: WORKGROUP
  System time: 2018-12-28T13:35:40+10:00
 
smb-security-mode 
  account_used: guest
  authentication_level: user
  challenge_response: supported
  message_signing: disabled (dangerous, but default) 
smbv2-enabled 
Server supports SMBv2 protocol 

1 REPLY
BasilDV
Moderator

Hi @District,

 

Welcome to TPG Community!

 

We've checked the information that you've provided, and the message that you are getting is unlikely to be anything to do with the modem. It is more likely due to malware on your PC.

 

You may run the malware scan using Windows Defender on your PC.

 

Please shoot me a private message with your TPG username or customer ID number. We'd like to look into it further.

 


Kind regards,

BasilDV