Hi can someone please tell me if what you see below in the report provided by Nmap scan are correct because all our devices connected to the router have been acting strange lately (can not enter a website without the page having to give us a warning "this page is insecure and you might have your passwords stolen from you"), I've reset router numerous times and called tpg but I'm still getting same thing happen.
Nmap scans are showing a vunerability in the router, I haven't setup any remote connection nor have I played with any settings.
Nmap 7.12 was initiated at Fri Dec 28 14:33:24 2018 with these arguments:
./nmap -A -T5 -d --osscan_limit -oA /data/data/com.zimperium.zanti/files/logs/34:e8:94:2c:13:8e/192.168.1.1-OsDetection 192.168.1.1
Verbosity: 1; Debug level 1
Nmap done at Fri Dec 28 14:35:50 2018; 1 IP address (1 host up) scanned in 150.84 seconds192.168.1.1
The 992 ports scanned but not shown below are in state: closed
992 ports replied with: resets
|Port||State (toggle closed  | filtered )||Service||Reason||Product||Version||Extra info|
|21||tcp||open||ftp||syn-ack||vsftpd||2.0.8 or later|
ERROR: Unable to obtain data from the target
id.server: nme-sot-dns1.tpgi.com.au bind.version: dnsmasq-2.67
Supported Methods: GET POST
Site doesn't have a title (text/html; charset=utf-8).
|139||tcp||open||netbios-ssn||syn-ack||Samba smbd||3.X||workgroup: WORKGROUP|
|1900||tcp||open||upnp||syn-ack||Portable SDK for UPnP devices||1.6.19||Linux 3.4.11-rt19; UPnP 1.0|
|2323||tcp||open||telnet||syn-ack||TP-LINK ADSL2+ router telnetd|
|8200||tcp||open||upnp||syn-ack||MiniDLNA||1.1.4||Linux 184.108.40.206-45.fc14.i686; DLNADOC 1.50; UPnP 1.0|
NetBIOS name: ARCHER_VR1600V, NetBIOS user: <unknown>, NetBIOS MAC: <unknown> (unknown) Names: ARCHER_VR1600V<00> Flags: <unique><active> ARCHER_VR1600V<03> Flags: <unique><active> ARCHER_VR1600V<20> Flags: <unique><active> \x01\x02__MSBROWSE__\x02<01> Flags: <group><active> WORKGROUP<1d> Flags: <unique><active> WORKGROUP<1e> Flags: <group><active> WORKGROUP<00> Flags: <group><active>
OS: Unix (Samba 3.6.25) NetBIOS computer name: Workgroup: WORKGROUP System time: 2018-12-28T13:35:40+10:00
account_used: guest authentication_level: user challenge_response: supported message_signing: disabled (dangerous, but default)
Server supports SMBv2 protocol
Welcome to TPG Community!
We've checked the information that you've provided and the message that you are getting is unlikely to be anything do with the modem. It is more likely due to malware on your PC.
You may run the malware scan using Windows Defender on your PC.
Please shoot me a private message with your TPG username or customer ID number. We'd like to look into it further.
How to send a PM? Click here.