Router Vulnerabilities Found
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Other forums
- :
- Tech Help - Software/Hardware etc
- :
- Re: Router Vulnerabilities Found
Router Vulnerabilities Found
11-02-2019 2:46 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Hi - I've used a Trend Micro scanner and my Sagemcom router has the following vulnerabilities:
-SSLv2 Drown Attack Vulnerability
-SSL Poodle Attack Vulnerability
-Device has an open port which may be access from the internet
How do I fix these please?
Thanks.
Re: Router Vulnerabilities Found
11-02-2019 5:04 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: Router Vulnerabilities Found
11-02-2019 9:35 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Hi - I need to find out if the latest firmware has fixed these vulnerabilities and when it was last updated.
Re: Router Vulnerabilities Found
12-02-2019 12:54 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Login to the router, that will show you the last update date.
As for fixes.. @bobpullen ?
Re: Router Vulnerabilities Found
12-02-2019 9:50 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
You shouldn't take every warning thrown up by security scans to be definite evidence of a problem.
I suspect that the port used by Plusnet for updating the firmware is being detected. If so then as I understand it this is not a security issue, is present on millions of routers, and will never be closed off.
Assuming that this is the cause then you can either live with it or buy you own third party router.
Moderator and Customer
If this helped - select the Thumb
If it fixed it, help others - select 'This Fixed My Problem'
Re: Router Vulnerabilities Found
12-02-2019 1:59 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
@pascoej, your router was upgraded to the latest available build at the start of the month. I don't suppose you can point me in the direction of the scanner you're using?
@Baldrick1 is probably right regarding the open port. It's likely to be TCP port 4567 that is used by the Plusnet Hub One for remote TR069 management/configuration.
Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵
Re: Router Vulnerabilities Found
12-02-2019 3:06 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Hi,
I used a Trend Micro scanner and nmap, nmap confirms what the Trend Micro scanner sees. Is there anything I can do about the SSLv2 Drown and SSL Poodle vulnerabilities on the router? Or do I have to buy my own router so i can block these ports?
Thanks.
Re: Router Vulnerabilities Found
12-02-2019 4:48 PM - edited 12-02-2019 4:56 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
The issue is that the router is using SSLv2 or SSLv3 encryption, both of which are obsolete and vulnerable to attack.
The router firmware needs to be updated to use TLS (ideally v1.3) for encrypting HTTPS.
If there is also a problem with the TR-069 port being open, then it shouldn't be, as the TR-069 protocol is initiated by the device to be configured (i.e. the router) and therefore there is no need for the WAN facing port to be open, as the TR-069 server shouldn't be remotely accessing the router unsolicited.
Even if the port did have to be open, then it should be restricted to only respond to packets from the FQDN of the Plusnet TR-069 server, and should be invisible to probes from any other source.
@pascoej - what ports is nmap reporting as being open ?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Other forums
- :
- Tech Help - Software/Hardware etc
- :
- Re: Router Vulnerabilities Found