cancel
Showing results for 
Search instead for 
Did you mean: 

Router Vulnerabilities Found

pascoej
Newbie
Posts: 3
Registered: ‎11-02-2019

Router Vulnerabilities Found

Hi - I've used a Trend Micro scanner and my Sagemcom router has the following vulnerabilities:

 

-SSLv2 Drown Attack Vulnerability

-SSL Poodle Attack Vulnerability

-Device has an open port which may be access from the internet

 

How do I fix these please? 

Thanks.

7 REPLIES 7
Gel
Aspiring Champion
Posts: 2,369
Thanks: 297
Fixes: 29
Registered: ‎02-08-2007

Re: Router Vulnerabilities Found

pascoej
Newbie
Posts: 3
Registered: ‎11-02-2019

Re: Router Vulnerabilities Found

Hi - I need to find out if the latest firmware has fixed these vulnerabilities and when it was last updated.

7up
Community Veteran
Posts: 15,858
Thanks: 1,603
Fixes: 18
Registered: ‎01-08-2007

Re: Router Vulnerabilities Found

Login to the router, that will show you the last update date.

As for fixes.. @bobpullen ?

I need a new signature... i'm bored of the old one!
Baldrick1
Moderator
Moderator
Posts: 12,443
Thanks: 5,607
Fixes: 430
Registered: ‎30-06-2016

Re: Router Vulnerabilities Found

 You shouldn't take every warning thrown up by security scans to be definite evidence of a problem.

I suspect that the port used by Plusnet for updating the firmware is being detected. If so then as I understand it this is not a security issue, is present on millions of routers, and will never be closed off.

Assuming that this is the cause then you can either live with it or buy you own third party router.

Moderator and Customer
If this helped - select the Thumb
If it fixed it,  help others - select 'This Fixed My Problem'

bobpullen
Community Gaffer
Community Gaffer
Posts: 16,932
Thanks: 5,022
Fixes: 317
Registered: ‎04-04-2007

Re: Router Vulnerabilities Found

@pascoej, your router was upgraded to the latest available build at the start of the month. I don't suppose you can point me in the direction of the scanner you're using?

@Baldrick1 is probably right regarding the open port. It's likely to be TCP port 4567 that is used by the Plusnet Hub One for remote TR069 management/configuration.

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

pascoej
Newbie
Posts: 3
Registered: ‎11-02-2019

Re: Router Vulnerabilities Found

Hi,

I used a Trend Micro scanner and nmap, nmap confirms what the Trend Micro scanner sees. Is there anything I can do about the SSLv2 Drown and SSL Poodle vulnerabilities on the router? Or do I have to buy my own router so i can block these ports?

 

Thanks.

 

Anonymous
Not applicable

Re: Router Vulnerabilities Found

The issue is that the router is using SSLv2 or SSLv3 encryption, both of which are obsolete and vulnerable to attack.

The router firmware needs to be updated to use TLS (ideally v1.3) for encrypting HTTPS.

 

 

If there is also a problem with the TR-069 port being open, then it shouldn't be, as the TR-069 protocol is initiated by the device to be configured (i.e. the router) and therefore there is no need for the WAN facing port to be open, as the TR-069 server shouldn't be remotely accessing the router unsolicited.

Even if the port did have to be open, then it should be restricted to only respond to packets from the FQDN of the Plusnet TR-069 server, and should be invisible to probes from any other source.

 

 

@pascoej - what ports is nmap reporting as being open ?