Archer VR1600v Router Vulnerable...Firmware Upgrade??

Calvinator
Level 2

Hello,

I've just received a notification from AVG telling me that my Archer VR1600v router is at risk because of an open port. It's telling me the CWMP port is reachable from the Internet and is vulnerable to attackers.

 

My current firmware for the router is:
Firmware Version: 0.1.0 0.9.1 v5006.0 Build 200810 Rel.53181n
Hardware Version: Archer VR1600v v1 00000000

Is there a way to fix this?

Thanks in advance for your help,
Calvin

Shane
Moderator

Hi @Calvinator ,

 

Thanks for raising this to us. I can confirm that the modem/router has the latest firmware version. This has been raised to our Network Engineering Team for investigation; I will provide an update on this thread when it becomes available.

Regards,

 




 

david64
Level 15

@Shane .

The open port is 7547 which is used for CWMP (another form of remote router management; uses auto-config server). Using mobile data, I can browse to port 7547 on my router. It returns a string "File not found". The VR1600 manual shows the CWMP config screen (TPG has removed this from access by local admin user). It uses two passwords so hopefully they are strong ones to prevent hacking.

It looks like port 7547 has been invisibly reserved by the firmware; it can't be forwarded like a virtual server; it can't be used for Remote Management.

@Calvinator .

Calvinator
Level 2

Hi @david64,

Thanks for your response (and thanks to @Shane as well).
So are you saying that, as long as my router's password is strong enough, I can ignore the warning from AVG and that the router won't be vulnerable to attacks?

david64
Level 15

@Calvinator . It's up to the engineering team to comment on whether the router is safe regarding CWMP function. The userids and passwords here are separate from the userid/password for local admin.

The other thing you can try, although AVG didn't report it:

Use your phone's mobile data and browser, put your router's public IP address in the address bar and enter.

See what you get back. This tests whether port 80 is open or not. The default admin password for local router admin should be safe enough because no-one from outside should be able to connect to it.
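
The outside-in check david64 describes (connecting to your own router's public IP on port 7547 and port 80 from mobile data), written as a script. This is an added example, not part of the original thread or TPG's tooling; the script name `wan_check.py` is hypothetical, and it assumes you run it from a network outside your home connection against your own router's public IP.

```python
"""Check from an outside network whether your router answers on WAN ports."""
import http.client
import socket
import sys

# 7547 = TR-069/CWMP port, 80 = web admin (both named in the thread)
PORTS = (7547, 80)


def probe(host, port, timeout=5.0):
    """Describe what answers on host:port.

    state is 'closed' (refused or timed out), 'open' (TCP connect worked
    but no HTTP reply), or 'http' (an HTTP response came back).
    """
    result = {"port": port, "state": "closed", "status": None,
              "server": None, "auth": None}
    try:
        with socket.create_connection((host, port), timeout=timeout):
            result["state"] = "open"
    except OSError:
        return result
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/")
        resp = conn.getresponse()
        resp.read()
        # Record the status plus headers that show what is listening
        # and whether it asks for credentials.
        result.update(state="http", status=resp.status,
                      server=resp.getheader("Server"),
                      auth=resp.getheader("WWW-Authenticate"))
    except (OSError, http.client.HTTPException):
        pass  # accepts TCP but does not speak plain HTTP
    finally:
        conn.close()
    return result


def main(argv):
    if len(argv) != 2:
        print("usage: wan_check.py <your-router-public-ip>")
        return 2
    for port in PORTS:
        r = probe(argv[1], port)
        print(f"{r['port']}: {r['state']} status={r['status']} "
              f"server={r['server']} auth={r['auth']}")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

A result of `http` with status 404 on 7547 matches the "File not found" reply described above; `closed` on port 80 means the local admin page is not reachable from outside.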

Leesa1971
Level 2

Hello, just got my new VX420-G2H modem/router courtesy of TPG and I'm joining this conversation as I am also wanting to close this port of 7547 and I don't care how strong my p/s are, whether it is supposedly "encrypted", I want it closed.

 

No if, buts or Ummms. I WANT it CLOSED.

 

...."The routers were attacked on TCP port 7547, which is used by the TR-069 protocol (also known as CWMP or CPE WAN Management Protocol)"

 

..."For example, it is common knowledge that open TCP/IP ports are dangerous. When an ISP wants to access their customer devices on an open port, they should take steps to insure that only they can do so. Instead, we saw ISPs mis-configuring both the routers and their internal networks such that any bad guy, anywhere in the world, can get into the routers on port 7547."

By Michael Horowitz, Computerworld | 4 December 2016 10:35 AEDT https://www.computerworld.com/article/3145003/blame-the-isps-rather-than-the-routers.html

 

Considering that this issue has been raised and reported on throughout the since at least 2016 when Michael Horowitz first published this article above and it is still being raised today, then it is definitely still a massive security breach.

Shane
Moderator

Hi @Leesa1971,

 

We raised this to our Engineering Team for investigation. We will get back to you as soon as an update becomes available.


BasilDV
Moderator

Hi @Leesa1971

 

Please shoot me a PM with your TPG username or customer ID number for us to progress your request further.

 

BasilDV