on 08-04-2017 7:42 PM - last edited on 08-04-2017 7:56 PM by Mav
I have been using an old TalkTalk DSL-2680 router for some weeks as an alternative to my Plusnet Technicolor TG582n. Things had been going well but today I ran my Avast antivirus software in Network Scan mode (forgot it had that actually). I got a serious warning:
"! Your router is vulnerable to hacker attacks
Problem: Your router is vulnerable
Vulnerability detected: VULN ROM0 INNER
Risk: Hackers can easily read your router settings, get access to the router and modify it. Your personal data may be in[sic] risk."
"VULN ROM0 INNER" may be an Avast specific reference.
My DSL-2680 has firmware version 1.14t. I have now switched back to the TG582n which passes the Avast Network Scan tests.
It seems to me likely that this works by Avast on the PC sending a request to the Avast remote servers to carry out a port scan from the Internet at 'this' address etc.
I know somebody on here once asked about using this same router on Plusnet and I said at the time I was using it OK, so under the circumstances it seems best for anyone using this fairly old router to stop and use a newer on.
Moderator's note by Mike (Mav): All caps title edited as per Forum rules.
09-04-2017 11:52 AM - edited 09-04-2017 11:52 AM
I think Broadband is the "appropriate" board for this post. That is why I posted it there.
Why? Because I know (as I posted) users have asked about using this router on the Broadband thread and received replies there.
So would a post "Notice: DSL-2680 Routers" on the Broadband thread make sense, with a link to the above post on here?
09-04-2017 12:08 PM - edited 09-04-2017 12:08 PM
not really as it has been discussed at length before https://community.plus.net/t5/Broadband/Router-Vulnerability/m-p/1085756
however according to this https://community.talktalk.co.uk/t5/Broadband/DSL-2680-is-it-vulnerable/td-p/1986768 it isn't vulnerable
also the vulnerability was supposedly fixed in the firmware issued July 14 2015 as described in the attached file
18-04-2017 9:00 PM - edited 18-04-2017 9:04 PM
"discussed at length before"?
But the DSL-2680 router isn't mentioned in that thread AFAICS. Plus there is AFAIK no issue involving Flashplayer with this router.
As far as the FIRMWARE PATCH 1.01 is concerned - my DSL-2680 was originally supplied by TalkTalk with v1.8 firmware! It had been upgraded to v1.16t.
One weirdness with my recent use of this router is, unless I am mistaken, it reported v1.14t - one of the things that caught my attention.
Let's hope anyone who needs to gets to see the information in this outpost.
BTW The previous post didn't "Fix my problem". If it isn't against the rules, I'd like to make the decision on such matters.