TPG Community


Archer VR1600V WARNING open ports Remote Malware Execution


Hi, can someone please tell me if what you see below in the report provided by the Nmap scan is correct, because all our devices connected to the router have been acting strange lately (cannot enter a website without the page having to give us a warning "this page is insecure and you might have your passwords stolen from you"). I've reset the router numerous times and called TPG, but I'm still getting the same thing happening.


Nmap scans are showing a vulnerability in the router. I haven't set up any remote connection, nor have I played with any settings.


Nmap Scan Report - Scanned at Fri Dec 28 14:33:24 2018

Scan Summary

Nmap 7.12 was initiated at Fri Dec 28 14:33:24 2018 with these arguments:
./nmap -A -T5 -d --osscan_limit -oA /data/data/com.zimperium.zanti/files/logs/34:e8:94:2c:13:8e/ 

Verbosity: 1; Debug level 1

Nmap done at Fri Dec 28 14:35:50 2018; 1 IP address (1 host up) scanned in 150.84 seconds
  • (ipv4)
  • 34:E8:94:2C:13:8E (mac)

The 992 ports scanned but not shown below are in state: closed

  • 992 ports replied with: resets

Port | Protocol | State | Service | Reason | Product | Version | Extra info
21 | tcp | open | ftp | syn-ack | vsftpd | 2.0.8 or later |
  ERROR: Unable to obtain data from the target
53 | tcp | open | domain | syn-ack | dnsmasq | 2.67 |
  bind.version: dnsmasq-2.67
80 | tcp | open | http | syn-ack | | |
  Supported Methods: GET POST
  Site doesn't have a title (text/html; charset=utf-8).
139 | tcp | open | netbios-ssn | syn-ack | Samba smbd | 3.X | workgroup: WORKGROUP
445 | tcp | open | microsoft-ds | syn-ack | | |
1900 | tcp | open | upnp | syn-ack | Portable SDK for UPnP devices | 1.6.19 | Linux 3.4.11-rt19; UPnP 1.0
2323 | tcp | open | telnet | syn-ack | TP-LINK ADSL2+ router telnetd | |
8200 | tcp | open | upnp | syn-ack | MiniDLNA | 1.1.4 | Linux; DLNADOC 1.50; UPnP 1.0

Remote Operating System Detection
  • Used port: 21/tcp (open)
  • Used port: 1/tcp (closed)
  • Used port: 31328/udp (closed)
  • OS match: Linux 2.6.32 - 3.13 (100%)

Host Script Output
Script Name | Output
NetBIOS name: ARCHER_VR1600V, NetBIOS user: <unknown>, NetBIOS MAC: <unknown> (unknown)
  ARCHER_VR1600V<00>   Flags: <unique><active>
  ARCHER_VR1600V<03>   Flags: <unique><active>
  ARCHER_VR1600V<20>   Flags: <unique><active>
  \x01\x02__MSBROWSE__\x02<01>  Flags: <group><active>
  WORKGROUP<1d>        Flags: <unique><active>
  WORKGROUP<1e>        Flags: <group><active>
  WORKGROUP<00>        Flags: <group><active> 
  OS: Unix (Samba 3.6.25)
  NetBIOS computer name: 
  Workgroup: WORKGROUP
  System time: 2018-12-28T13:35:40+10:00
  account_used: guest
  authentication_level: user
  challenge_response: supported
  message_signing: disabled (dangerous, but default) 
Server supports SMBv2 protocol 


Hi @District,


Welcome to TPG Community!


We've checked the information that you've provided and the message that you are getting is unlikely to be anything to do with the modem. It is more likely due to malware on your PC.


You may run the malware scan using Windows Defender on your PC.


Please shoot me a private message with your TPG username or customer ID number. We'd like to look into it further.


How to send a PM? Click here.


Kind regards,