aias, posted February 1, 2015

Hello,

I'd like to reopen an archived thread. When typing 'ZyXel 7547' into Google, this archived thread is the first result.

Ref: https://forums.hak5.org/index.php?/topic/28507-open-ports-on-router-esp-port-7547/

The problem was never solved. This port comes by default as open to the WAN on many ZyXel commercial routers, and is easily made exploitable.

The solution to the problem is as follows:

1. Log in to your device via telnet (or ssh if provided).
2. Issue the following command: sys cwmp clearall

This will stop the port listening on the WAN. That is all.

- aias

cooper, posted February 1, 2015

Is that a one-time fix, or something that needs to be repeated on each reboot? Nice find.

Sebkinne, posted February 1, 2015

Un-archived.

Best Regards,
Sebkinne

aias (Author), posted February 1, 2015

Thank you very much for opening the thread once more.

It turns out that the CWMP port has been heavily exploited. The exploit allows an attacker to change the DNS server settings in the consumer's router, and therefore route a large portion of their web requests to wherever they please (assuming they specify their own rogue DNS server's IP, of course).

I have updated the thread with a method to disable the service. And it does indeed survive both soft and hard reboots.

- aias

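One way to confirm that the fix described in this thread took effect and still holds after a reboot, as an added example that is not part of the original posts: run it from a host outside the LAN against the router's WAN address. The function name `tcp_port_state`, the script name and the three state labels are assumptions of this example.

```python
import socket
import sys

CWMP_PORT = 7547  # port named in the thread (CWMP / TR-069 connection requests)


def tcp_port_state(host, port=CWMP_PORT, timeout=3.0):
    """Classify a TCP port as 'open', 'closed' or 'filtered'.

    open     - the handshake completed, so a service is still listening
    closed   - the host answered with a reset (connection refused)
    filtered - no answer or a network error; packets may be dropped upstream
    """
    try:
        conn = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "closed"
    except socket.gaierror:
        raise  # a bad hostname is a usage error, not a port state
    except OSError:  # timeouts, host or network unreachable
        return "filtered"
    conn.close()
    return "open"


if __name__ == "__main__":
    # Run before the fix, after it, and again after a soft and a hard reboot.
    if len(sys.argv) != 2:
        sys.exit("usage: check_cwmp.py <router-wan-address>")
    state = tcp_port_state(sys.argv[1])
    print(f"{sys.argv[1]}:{CWMP_PORT} is {state}")
    # Non-zero exit status while the port still accepts connections.
    sys.exit(1 if state == "open" else 0)
```

A result of "open" from inside the LAN does not show WAN exposure, so the check only means something when run from an outside network.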
Mr-Protocol, posted February 2, 2015

Thanks for updating the thread. It was smacked with the auto archive for inactivity.