Hello Swinog, we've recently audited a small network and found that the customer configured devices were relatively secure configured. However the Swisscom Router/WiFi device (Zylex P-870HN-53b) seems to have the old uPNP exploit with a firmware that is not being updated anymore (upnp was disabled though - so this is hopefully not a big issue).
However, when scanning the router from outside, the port 7547 is openly reachable from the internet, which turns out to be TR 069 [0]. My question to the list is, if anyone can comment on the security of TR-069? And if it is a potential or real security problem to have the port open world wide? We have never used TR-069 it so far, but my assumption would be that this port should only be reachable from a Swisscom admin network, however it is open world wide. As far as I can see the communication on port 7547 is plain http with http auth, which doesn't look very safe to me. Does anyone here use TR-069 and if so, what is your the default policy for accessing the port? Thanks a lot for your help and greetings from the last snow! Nico [0] https://en.wikipedia.org/wiki/TR-069 -- Werde Teil des modernen Arbeitens im Glarnerland auf www.digitalglarus.ch! Lese Neuigkeiten auf Twitter: www.twitter.com/DigitalGlarus Diskutiere mit auf Facebook: www.facebook.com/digitalglarus _______________________________________________ swinog mailing list [email protected] http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
