Following an earlier post on a different subject (Re: WIFI OPEN DURING START UP)
The issue has not repeated but connects first and then secures, sometimes delayed.
I did a router check and found a vulnerability that was not here before, first time I have seen this from my regular check so is a new security issue just appeared.
PORT 7547 OPEN
this may give access to hackers??
why has this port opened and should it be open.
extract from advice on internet-
If you are not vulnerable, but port 7547 is open on your router, we recommend that you:
Reboot your home router immediately. You may suffer from other port 7547 vulnerabilities.
Upgrade your router firmware if you can.
Close port 7547 on your router if you can. (Many routers don’t allow this)
Contact your ISP and let them know that port 7547 on your home router is accessible from the public internet. Let them know that port 7547 is used by your ISP to manage the router. It should not be publicly available. Suggest that they filter access to that port to prevent anyone on the public internet accessing it.
please advise if i need to reboot the hub and any other actions if needed??
Do I need to change any passwords.
I have looked at older posts on protocol tr-069 but concerned about the open port 7547 which is used to make changes to the router, is virgin keeping this port open, can it be closed on the hub3 or does it need to remain open.
"I am a bit paranoid but not without reason, so why today can I not get into setting page for hub3??, locked out so that is unusual" Are you using the virgin connect app on any phone or device? If so uninstall it and factory reset .the hub
What is port 7547 and why open to public? Not had this before. No reason i would say the site you used to scan for open ports detected a false positive
This port remains open and not sure of why, any of the port check tool can be used to show it is open.
Has Anyone else got this on their hub- that would prove it is normal to have this port open???
may be used by virgin for communications with hub??
TR-069 protocol allows ISPs to manage modems remotely. Port 7547 has been assigned to this protocol.
First of all, let’s take a look at the changes made to the attack module recently. Currently, the ATK (attack) module supports three different attack methods which help to propagate the worm on different IoT devices:
Telnet default password attack;
Arris cable modem password of the day attack.
Of these three attacks, the TR-069 exploit dates back to 2016, implemented by the attackers 2017
A the port 7547 remains open just hope this old exploit is no longer a threat.
I recently could not get into hub settings and had all the trouble of rebooting my hub to get my settings page back, it was locked out.