Router Vulnerabilities Found

pascoej
Newbie
Posts: 3
Registered: ‎11-02-2019

Router Vulnerabilities Found

Hi - I've used a Trend Micro scanner and my Sagemcom router has the following vulnerabilities:

-SSLv2 Drown Attack Vulnerability

-SSL Poodle Attack Vulnerability

-Device has an open port which may be accessed from the internet

How do I fix these please? 

Thanks.

7 REPLIES 7
Gel
Seasoned Pro
Posts: 1,816
Thanks: 194
Fixes: 17
Registered: ‎02-08-2007

Re: Router Vulnerabilities Found

pascoej
Newbie
Posts: 3
Registered: ‎11-02-2019

Re: Router Vulnerabilities Found

Hi - I need to find out if the latest firmware has fixed these vulnerabilities and when it was last updated.

Community Veteran
Posts: 14,709
Thanks: 862
Fixes: 12
Registered: ‎01-08-2007

Re: Router Vulnerabilities Found

Login to the router, that will show you the last update date.

As for fixes.. @bobpullen ?

I need a new signature... I'm bored of the old one!
Baldrick1
Hero
Posts: 3,455
Thanks: 1,493
Fixes: 94
Registered: ‎30-06-2016

Re: Router Vulnerabilities Found

You shouldn't take every warning thrown up by security scans to be definite evidence of a problem.

I suspect that the port used by Plusnet for updating the firmware is being detected. If so then as I understand it this is not a security issue, is present on millions of routers, and will never be closed off.

Assuming that this is the cause then you can either live with it or buy your own third party router.

Community Gaffer
Posts: 13,949
Thanks: 1,479
Fixes: 119
Registered: ‎04-04-2007

Re: Router Vulnerabilities Found

@pascoej, your router was upgraded to the latest available build at the start of the month. I don't suppose you can point me in the direction of the scanner you're using?

@Baldrick1 is probably right regarding the open port. It's likely to be TCP port 4567 that is used by the Plusnet Hub One for remote TR069 management/configuration.

Bob Pullen
Plusnet Product Team

pascoej
Newbie
Posts: 3
Registered: ‎11-02-2019

Re: Router Vulnerabilities Found

Hi,

I used a Trend Micro scanner and nmap; nmap confirms what the Trend Micro scanner sees. Is there anything I can do about the SSLv2 Drown and SSL Poodle vulnerabilities on the router? Or do I have to buy my own router so I can block these ports?

Thanks.

Community Veteran
Posts: 5,559
Thanks: 342
Fixes: 5
Registered: ‎11-08-2007

Re: Router Vulnerabilities Found

The issue is that the router is using SSLv2 or SSLv3 encryption, both of which are obsolete and vulnerable to attack.

The router firmware needs to be updated to use TLS (ideally v1.3) for encrypting HTTPS.

If there is also a problem with the TR-069 port being open, then it shouldn't be, as the TR-069 protocol is initiated by the device to be configured (i.e. the router) and therefore there is no need for the WAN facing port to be open, as the TR-069 server shouldn't be remotely accessing the router unsolicited.

Even if the port did have to be open, then it should be restricted to only respond to packets from the FQDN of the Plusnet TR-069 server, and should be invisible to probes from any other source.

@pascoej - what ports is nmap reporting as being open?

Plusnet FTTC 80/20 IPv4/30, Hurricane Electric 6in4 IPv6/48, Pulse8 landline & calls, SamKnows 600N
Vigor 130 modem, pfSense 2.4.4-p3 router, 5 WAPs, Devolo dLAN 500, Gigaset N300A-IP VoIP DECT
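
To answer the question of which ports and protocol versions nmap actually reports, the sketch below (an added example, not posted by anyone in this thread) reads the text output of nmap's `ssl-enum-ciphers` and `sslv2` scripts and lists every open port that still offers SSLv2 or SSLv3, plus the TCP 4567 port mentioned above. The sample scan text is constructed for illustration, and the function names are this example's own.

```python
import re

# Constructed sample in the layout of `nmap --script ssl-enum-ciphers,sslv2` output.
SAMPLE = """\
PORT     STATE SERVICE
443/tcp  open  https
| ssl-enum-ciphers:
|   SSLv3:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|_  least strength: C
| sslv2:
|   SSLv2 supported
|   ciphers:
|_    SSL2_RC4_128_WITH_MD5
4567/tcp open  unknown
8443/tcp open  https-alt
| ssl-enum-ciphers:
|   TLSv1.2:
|_  least strength: A
"""

PORT_RE = re.compile(r"^(\d+)/(?:tcp|udp)\s+open\s+\S+")
PROTO_RE = re.compile(r"^\|[ _]\s+(SSLv3|TLSv1\.[0-3]):\s*$")
OBSOLETE = {"SSLv2": "DROWN", "SSLv3": "POODLE"}  # protocol -> attack named in the thread

def parse(text):
    """Return {port: set of protocol versions offered} for every open port."""
    ports, current = {}, None
    for line in text.splitlines():
        m = PORT_RE.match(line)
        if m:                                   # a new port row starts a new section
            current = int(m.group(1))
            ports[current] = set()
        elif current is not None:
            p = PROTO_RE.match(line)
            if p:                               # protocol header from ssl-enum-ciphers
                ports[current].add(p.group(1))
            elif "SSLv2 supported" in line:     # verdict line from the sslv2 script
                ports[current].add("SSLv2")
    return ports

def findings(text, mgmt_port=4567):
    """List (port, note) pairs worth raising with the ISP or fixing in firmware."""
    out = []
    for port, protos in sorted(parse(text).items()):
        for proto in sorted(protos & set(OBSOLETE)):
            out.append((port, f"{proto} offered ({OBSOLETE[proto]})"))
        if port == mgmt_port:
            out.append((port, "open; TR-069 management port per the thread"))
    return out
```

Calling `findings()` on the saved output of a scan of your own router gives a short list to quote back in a thread like this one; ports that offer only TLS 1.x produce no entry.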