Hello, (SOLVED)
This port comes by default open to the WAN on many ZyXel commercial routers. It is intended for use with the Customer Premises Equipment WAN Management Protocol, a.k.a. CWMP. It has become prone to easy exploitation. Unfortunately, the web-based management interface lacks any hint that this service is enabled, much less a method to disable it. To close this port on your router you may take the following steps:
1. Login to your device via telnet (or ssh, but mine doesn't support it).
2. Issue the following command: sys cwmp clearall.
This will stop the port listening on the LAN and WAN and clear all other settings related to CWMP. You may wish to view the related information before clearing it, or otherwise make changes. Simply use `sys cwmp help` for more usage instructions.
I can confirm that this will survive a reboot.
For reference, the model tested: ZyXEL AMG1302-T10A.
Happy hacking.
- aias