Jump to content

I'd like an archived thread made active again (28507-open-ports-on-router-esp-port-7547)


aias
 Share

Recommended Posts

Hello,

I'd like to reopen an archived thread. When typing 'ZyXel 7547' into Google, this archived thread is the first result.

Ref:

https://forums.hak5.org/index.php?/topic/28507-open-ports-on-router-esp-port-7547/

The problem was never solved. This port comes by default as open to the WAN on many ZyXel commercial routers, and is easily made explotable. The solution to the problem is as follows:

1. Login to your device via telnet (or ssh if provided).

2. Issue the following command: sys cwmp clearall.

This will stop the port listening on the WAN.

That is all.

- aias

Link to comment
Share on other sites

Thank you very much for opening the thread once more. It turns out that the CWMP port has been heavily exploited. The exploit allows an attacker to change the DNS server settings in the consumer's router, and therefore route a large portion of their web requests to wherever they please (assuming they specifiy their own rogue DNS server's IP, of course). I have updated the thread with a method to disable the service. And it does indeed survive both soft and hard reboots.

- aias

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...