I use a security software and receive their bulletins regularly, one of which referred to home routers.
In this article they say how to check for the vulnerability through port 7547 and when I ran the test it came back saying that mine is (the one I got from Comcast).
"Your router has port 7547 open and may be vulnerable. Response: Cisco-CcspCwmpTcpCR/1.0"
How can I upgrade the firmware to the latest available, and separately, how can I close port 7547 to address this vulnerability?
If you own the router and it's not part of an all-in-one modem+router gateway device, you'd need to work with the manufacturer to correct the problem.
If Comcast owns the router or if it is part of an all-in-one modem+router gateway device, the firmware is under their control and you're stuck waiting for them to fix the problem.
I found a way to mitigate this. Sorry if this is a bit technical. If it doesn't make sense, ask a network-savvy friend to help you. In your X1 router, go to Advanced > Port Forwarding, enable it, and add a service for that port that points to a nonexistent server IP. For example, I added one with Common Service: Other, Service Name: whatever, but I used "Mitigation", Service type TCP/UDP, server IP 10.0.0.5 (this was an IP I know is not assigned to anything on my network...try pinging an IP before using it), and for IPv6 do the same, and enter a start and end port of 7547. Save it. Test again and you will see that the port no longer responds (as it is being redirected to a nonexistent server which thus can't respond). Hope that helps!
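The before/after check described in the post above, as an added example that is not part of the original thread: it connects to TCP port 7547 and reports the HTTP `Server` header if the service answers. The function names and the timeout are assumptions of this example; run it from a host outside the home network against your own public IP address to see what an outside test sees.

```python
import socket
import sys

def parse_server_header(raw):
    """Return the value of the HTTP Server header in raw bytes, or None."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":
            return value.strip()
    return None

def probe_port(host, port=7547, timeout=5.0):
    """Return (state, server); state is 'open', 'closed' or 'filtered'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "closed", None                    # reset: nothing is listening
    except OSError:
        return "filtered", None                  # timeout or unreachable
    data = b""
    with sock:
        sock.settimeout(timeout)
        try:
            request = f"GET / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
            sock.sendall(request.encode("ascii"))
            while b"\r\n\r\n" not in data and len(data) < 8192:
                chunk = sock.recv(1024)
                if not chunk:
                    break
                data += chunk
        except OSError:
            pass                                 # connected, but silent or reset
    return "open", parse_server_header(data)

def verdict(state, server):
    """Turn a probe result into the one-line answer the test page gives."""
    if state == "open":
        return f"port open, response: {server or 'none'} -> still exposed"
    return f"port {state} -> the service no longer answers"

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: probe7547.py <your-own-public-ip>")
    print(verdict(*probe_port(sys.argv[1])))
```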
I followed this, and the test worked (it failed once I sent 7547 to a bogus IPv4 ipAddr). I left the IPv6 blank; I was not having any success in finding what valid address or range I could put in there. Ideas on what to put into the IPv6 addr?
Also, I'm curious as to why blocking 7547 within the managed services (just create a name, assign it to 7547) didn't work.
I would bet that everyone who ran that test against their router would get the same result; open.
Gibson has the same test and it says it is open on my gateway.
RobertWy wrote: ... I would bet that everyone who ran that test against their router would get the same result; open. ... Gibson has the same test and it says it is open on my gateway. ...
"Everyone"? Are you sure about that? For ALL routers and ALL gateways? Cite?
The point of your reply is unclear. It could be interpreted to mean "everyone's vulnerable, don't worry about it", which strikes me as an odd position for one to take, especially for an "expert".
Are you really suggesting that customers with vulnerable equipment "not worry about it"?
Thanks sj3vans for this good suggestion to use port forwarding. Earlier this month I called Comcast several times about their open port 7547. The last call I spent about 2 hours on the phone and had several of their technical agents tell me that it was impossible 7547 was open because I had no port forwarding enabled at that time - I am a relative newbie with routing, but even I knew that is baloney. I was eventually transferred to the Comcast Security Dept, was promised they would open a work order on this and have a response within 24-48 hours. That was 2 weeks ago. I now realize Comcast will never respond to my request for assistance to close port 7547 and they seem unconcerned that this provides a security risk to their paying customers, in spite of the growing body of evidence this open port is now being targeted.
No I did not call them back again. I've spent way too much time on the phone with Comcast about this issue. Unfortunately I am one of the unwashed souls who needs to work for a living to pay my Comcast bill and cannot devote the time to resolve Comcast issues that is needed :-( The solution posted by sj3vans worked!!! Thanks!