cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Router Vulnerabilities Found

pascoej
Newbie
Posts: 3
Registered: ‎11-02-2019

Router Vulnerabilities Found

‎11-02-2019 2:46 PM

Hi - I've used a Trend Micro scanner and my Sagemcom router has the following vulnerabilities:

 

-SSLv2 Drown Attack Vulnerability

-SSL Poodle Attack Vulnerability

-Device has an open port which may be access from the internet

 

How do I fix these please? 

Thanks.

Message 1 of 8
(2,326 Views)
Reply
0 Thanks
7 REPLIES 7
Gel
Aspiring Champion
Posts: 2,366
Thanks: 296
Fixes: 29
Registered: ‎02-08-2007

Re: Router Vulnerabilities Found

‎11-02-2019 5:04 PM

Buy your own probably; you are unable to do any s/ware updates to any PN supplied (+ locked) router.
Broadband Connection Troubleshooter

Contact/Chat : CHAT service often suspended though!
BT Wholesale Speed Test:
PN Network Status:
Land Line Connection_Troubleshooter:
Message 2 of 8
(2,295 Views)
Reply
0 Thanks
pascoej
Newbie
Posts: 3
Registered: ‎11-02-2019

Re: Router Vulnerabilities Found

‎11-02-2019 9:35 PM

Hi - I need to find out if the latest firmware has fixed these vulnerabilities and when it was last updated.

Message 3 of 8
(2,261 Views)
Reply
0 Thanks
7up
Community Veteran
Posts: 15,855
Thanks: 1,602
Fixes: 18
Registered: ‎01-08-2007

Re: Router Vulnerabilities Found

‎12-02-2019 12:54 AM

Login to the router, that will show you the last update date.

As for fixes.. @bobpullen ?

I need a new signature... i'm bored of the old one!
Message 4 of 8
(2,234 Views)
Reply
Baldrick1
Moderator
Moderator
Posts: 12,342
Thanks: 5,528
Fixes: 430
Registered: ‎30-06-2016

Re: Router Vulnerabilities Found

‎12-02-2019 9:50 AM

 You shouldn't take every warning thrown up by security scans to be definite evidence of a problem.

I suspect that the port used by Plusnet for updating the firmware is being detected. If so then as I understand it this is not a security issue, is present on millions of routers, and will never be closed off.

Assuming that this is the cause then you can either live with it or buy you own third party router.

Moderator and Customer
If this helped - select the Thumb
If it fixed it,  help others - select 'This Fixed My Problem'

Message 5 of 8
(2,203 Views)
Reply
bobpullen
Community Gaffer
Community Gaffer
Posts: 16,926
Thanks: 5,012
Fixes: 317
Registered: ‎04-04-2007

Re: Router Vulnerabilities Found

‎12-02-2019 1:59 PM

@pascoej, your router was upgraded to the latest available build at the start of the month. I don't suppose you can point me in the direction of the scanner you're using?

@Baldrick1 is probably right regarding the open port. It's likely to be TCP port 4567 that is used by the Plusnet Hub One for remote TR069 management/configuration.

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵
Message 6 of 8
(2,167 Views)
Reply
0 Thanks
pascoej
Newbie
Posts: 3
Registered: ‎11-02-2019

Re: Router Vulnerabilities Found

‎12-02-2019 3:06 PM

Hi,

I used a Trend Micro scanner and nmap, nmap confirms what the Trend Micro scanner sees. Is there anything I can do about the SSLv2 Drown and SSL Poodle vulnerabilities on the router? Or do I have to buy my own router so i can block these ports?

 

Thanks.

 

Message 7 of 8
(2,154 Views)
Reply
0 Thanks
Anonymous
Not applicable

Re: Router Vulnerabilities Found

‎12-02-2019 4:48 PM - edited ‎12-02-2019 4:56 PM

The issue is that the router is using SSLv2 or SSLv3 encryption, both of which are obsolete and vulnerable to attack.

The router firmware needs to be updated to use TLS (ideally v1.3) for encrypting HTTPS.

 

 

If there is also a problem with the TR-069 port being open, then it shouldn't be, as the TR-069 protocol is initiated by the device to be configured (i.e. the router) and therefore there is no need for the WAN facing port to be open, as the TR-069 server shouldn't be remotely accessing the router unsolicited.

Even if the port did have to be open, then it should be restricted to only respond to packets from the FQDN of the Plusnet TR-069 server, and should be invisible to probes from any other source.

 

 

@pascoej - what ports is nmap reporting as being open ?

Message 8 of 8
(2,135 Views)
Reply