Welcome to Comcast Help & Support Forums
Find solutions, share knowledge, and get answers from customers and experts

Router security vulnerability - how to close port 7547 to prevent home network being hacked

SOLVED
Posted by
Visitor

Message 1 of 11
418 Views

Hi,

I use a security software and receive their bulletins regularly, one of which referred to home routers.

https://www.wordfence.com/blog/2017/04/check-your-router/?utm_source=list&utm_medium=email&utm_campa...

In this article they say how to check for the vulnerability through port 7547 and when I ran the test it came back saying that mine is (the one I got from Comcast).

"Your router has port 7547 open and may be vulnerable. Response: Cisco-CcspCwmpTcpCR/1.0"

How can I upgrade the firmware to the latest available, and separately, how can I close port 7547 to address this vulnerability?

Thanks

10 REPLIES
Posted by
Gold Problem Solver

Message 2 of 11
375 Views

If you own the router and it's not part of an all-in-one modem+router gateway device, you'd need to work with the manufacturer to correct the problem.

 

If Comcast owns the router or if it is part of an all-in-one modem+router gateway device, the firmware is under their control and you're stuck waiting for them to fix the problem.

Posted by
Valued Contributor

Message 3 of 11
332 Views
Firmware for modems and gateways update on their own. The best chance you might have of being able to do this is to call Comcast Customer Security Assurance which is open M-F at (888) 565-4329 and notify them and see what they do. I can't guarantee what they will do or if they will do anything.
Posted by
Visitor

Message 4 of 11
289 Views
Solution

I found a way to mitigate this. Sorry if this is a bit technical. If it doesn't make sense, ask a network-savvy friend to help you. In your X1 router, go to Advanced > Port Forwarding, enable it, and add a service for that port that points to a nonexistent server IP. For example, I added one with Common Service: Other, Service Name: whatever but I used "Mitigation", Service type TCP/UDP, server IP 10.0.0.5 (this was an IP I know is not assigned to anything on my network...try pinging an IP before using it), and for IPv6 do the same, and enter a start and end port of 7547. Save it. Test again and you will see that the port no longer responds (as it is being redirected to a nonexistent server which thus can't respond). Hope that helps!
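To re-check the port after a change like the one described in the post above, this added example (not part of the original thread) connects to TCP 7547, classifies it as open, closed or filtered, and returns any HTTP Server banner such as the one quoted in the first post. It assumes you run it against your own gateway's public address from a connection outside your home network; the function names are illustrative.

```python
import socket
import sys
from typing import Optional

CWMP_PORT = 7547  # TR-069 connection-request port discussed in this thread


def parse_server_header(raw: bytes) -> Optional[str]:
    """Return the value of the HTTP Server header, or None if absent."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1", errors="replace")
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":
            return value.strip()
    return None


def check_port(host: str, port: int = CWMP_PORT, timeout: float = 3.0) -> dict:
    """Classify one TCP port and capture the banner if something answers."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        # An RST came back: nothing is listening on the port.
        return {"state": "closed", "server": None}
    except OSError:
        # Timeout or unreachable: packets are dropped or sent nowhere,
        # which is what forwarding to an unused address looks like.
        return {"state": "filtered", "server": None}
    raw = b""
    with sock:
        sock.settimeout(timeout)
        try:
            request = b"GET / HTTP/1.1\r\nHost: " + host.encode() + b"\r\n\r\n"
            sock.sendall(request)
            while b"\r\n\r\n" not in raw and len(raw) < 8192:
                chunk = sock.recv(1024)
                if not chunk:
                    break
                raw += chunk
        except OSError:
            pass  # the port accepted the connection but sent no usable reply
    return {"state": "open", "server": parse_server_header(raw)}


if __name__ == "__main__" and len(sys.argv) > 1:
    print(check_port(sys.argv[1]))
```

A result of `open` with a `server` value matches what the online tests in this thread report; `filtered` is the outcome to expect once inbound traffic to the port no longer reaches a listener.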

 

Posted by
Valued Contributor

Message 5 of 11
243 Views
The only downfall I see to that is that IP Address may not be taken at the time but it might get taken by a new device at a point of time since it's pretty much well known that these gateways randomly assign IP Addresses through DHCP instead of just going up the list to the DHCP end Address.
Posted by
Visitor

Message 6 of 11
199 Views

I followed this, and the test worked (it failed once I sent 7547 to a bogus ipv4 ipAddr). I left the ipv6 blank, I was not having any success in finding what valid address or range I could put in there. Ideas on what to put into the ipv6 addr?

 

 

Also, I'm curious as to why blocking 7547 within the managed services (just create a name, assign it to 7547) didn't work.

Posted by
Service Expert

Message 7 of 11
186 Views

I would bet that everyone who ran that test against their router would get the same result; open.

 

Gibson has the same test and it says it is open on my gateway.

 

https://www.grc.com/x/portprobe=7547

 

http://www.speedguide.net/port.php?port=7547




I am not a Comcast employee, I am a paying customer just like you!
I am an XFINITY Forum Expert and I am here to help. For information on the program click here.
We ask that you post publicly so people with similar questions may benefit from the conversation.

Was your question answered? Mark it as an accepted solution!

Posted by
Gold Problem Solver

Message 8 of 11
176 Views

RobertWy wrote: ... I would bet that everyone who ran that test against their router would get the same result; open. ... Gibson has the same test and it says it is open on my gateway. ...

"Everyone"? Are you sure about that? For ALL routers and ALL gateways? Cite?

 

The point of your reply is unclear. It could be interpreted to mean "everyone's vulnerable, don't worry about it", which strikes me as an odd position for one to take, especially for an "expert".

 

Are you really suggesting that customers with vulnerable equipment "not worry about it"?

Posted by
Visitor

Message 9 of 11
128 Views

Thanks sj3vans for this good suggestion to use port forwarding. Earlier this month I called Comcast several times about their open port 7547. The last call I spent about 2 hours on the phone and had several of their technical agents tell me that it was impossible 7547 was open because I had no port forwarding enabled at that time - I am a relative newbie with routing, but even I knew that is baloney. I was eventually transferred to the Comcast Security Dept, was promised they would open a work order on this and have a response within 24-48 hours. That was 2 weeks ago. I now realize Comcast will never respond to my request for assistance to close port 7547 and they seem unconcerned that this provides a security risk to their paying customers, in spite of the growing body of evidence this open port is now being targeted.

Posted by
Valued Contributor

Message 10 of 11
104 Views
@stanatjp Did you try calling (888) 565-4329 and check up on that work order?
Posted by
Visitor

Message 11 of 11
78 Views

No I did not call them back again.  I've spent way too much time on the phone with Comcast about this issue.  Unfortunately I am one of the unwashed souls who needs to work for a living to pay my Comcast bill and cannot devote the time to resolve Comcast issues that is needed :-(      The solution posted by sj3vans worked !!!  Thanks !