TD-W8970 - Open port 7547 / Config issues

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

TD-W8970 - Open port 7547 / Config issues

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
TD-W8970 - Open port 7547 / Config issues
TD-W8970 - Open port 7547 / Config issues
2013-03-29 17:23:28
Region : UnitedKingdom

Model : TD-W8970

Hardware Version : V1

Firmware Version : 0.6.0 1.2 v000c.0 Build 130201 Rel.54921n

ISP : O2


Hi All,
I received a new TP Link TD-W8970 yesterday and have some questions around this product.

1. It appears that port 7547 is "open" at all times. This is used in conjunction with CWMP, but this service is "disabled" on my router. Also, I have not forwarded port 7547 in virtual servers, nor do I use the DMZ. This is a hole in router that could be exploited.
Is there a fix for this??







2. When entering a rule within virtual servers for port forwarding, I can only state the service port. I would like to be able to map an "external" port to an "internal" port (and internal IP). This function is available on most other routers out there.
For example:- an RDP rule.........connecting externally using 93.96.121.XX:50000 which is then mapped on the router to 192.168.1.50:3389
Can this be added to a FW update please?





3. A WOL function would be really nice (so that you can wake up systems from the router).

I will be sending this information via email to tech support as well as the phone support was not good TBH!

Regards
Mark
  0      
  0      
#1
Options
22 Reply
Re:TD-W8970 - Open port 7547 / Config issues
2013-04-01 06:32:58
that's really good to keep tplink guys informed
  0  
  0  
#2
Options
Re:TD-W8970 - Open port 7547 / Config issues
2013-04-11 06:15:55

markdeejay7 wrote

Region : UnitedKingdom

Model : TD-W8970

Hardware Version : V1

Firmware Version : 0.6.0 1.2 v000c.0 Build 130201 Rel.54921n
[FONT=arial]
ISP : O2

Hi All,
I received a new TP Link TD-W8970 yesterday and have some questions around this product.

1. It appears that port 7547 is "open" at all times. This is used in conjunction with CWMP, but this service is "disabled" on my router. Also, I have not forwarded port 7547 in virtual servers, nor do I use the DMZ. This is a hole in router that could be exploited.
Is there a fix for this??




The port is always open and the service is always running...it gets worst...its running with default user/password :(
See my post here with more info: http://forum.tp-link.com/showthread.php?2426-TD-W8980-port-7547-TCP-open-by-default
[/FONT]
  0  
  0  
#3
Options
Re:TD-W8970 - Open port 7547 / Config issues
2013-04-11 15:27:06
1. You can change CWMP port to other port e.g. 65534 in CWMP page, then port 7547 may work with DMZ.
2. Maybe you mean "Port Triggering".
  0  
  0  
#4
Options
Re:TD-W8970 - Open port 7547 / Config issues
2013-04-11 20:54:11

Saki wrote

1. You can change CWMP port to other port e.g. 65534 in CWMP page, then port 7547 may work with DMZ.
2. Maybe you mean "Port Triggering".


You misunderstood his posts.


1. He says that there is no reason for port 7574 to be open and is concerned about this security hole.
This is a huge security hole, CWMP port (7574) can not be closed/stealth, it's allways open with CWMP service always running, with default user/password (if you don't change it).

Try this in you browser:
http://router_wan_ip:7547/tr069
http://router_wan_ip:7547

Notes:
You can find your "router_wan_ip" in W8970 status page, under WAN, IP/MASK, you must replace router_wan_ip with your wan ip, in the links above.
You can login from the LAN and from the WAN.

This means anyone from the internet can login into this port using the default user/password.


2. He does mean "port forward", in this router it's called "virtual servers".
He wants to map the external port to a _different_ internal port.
You can't do it in this router, you must use the _same_ internal and external port.

http://en.wikipedia.org/wiki/Port_forwarding
http://en.wikipedia.org/wiki/Virtual_server
Quote: "Virtual server" = Another name for "port forwarding" used by some routers.
  0  
  0  
#5
Options
Re:TD-W8970 - Open port 7547 / Config issues
2013-04-12 10:22:07
OK, I know what you mean now. In some other models such as TD-W8960, this is supported.
  0  
  0  
#6
Options
Re:TD-W8970 - Open port 7547 / Config issues
2013-04-12 17:48:01
Thanks for you comments guys!
Mr Wolf......You are spot on. The open port issue needs fixing ASAP!
The virtual server port mapping is not essential for me, but it would be nice as I don't like to use common "known" ports for connections to my services, and without this function in the router, it means I have to change registry settings in my servers.

I can report that the IPSec VPN seems to work well, although I did have some drop-outs before enabling "DPD". Seems OK now.

For the price, this is a really "function filled" device. I just hope that these things can be added/resolved on a firmware update............

* Port 7547 fix to close the port as default
* Add internal and external port mapping capability to "virtual servers"
* Add WOL function from within the router

If these were done, I would be a happy man indeed :-)

Regards
Mark
  0  
  0  
#7
Options
Re:TD-W8970 - Open port 7547 / Config issues
2013-04-12 19:57:54
Some time ago, I've found this tutorial how to configure WOL (from the WAN) in any router.
It's not the same as you are asking for and it's less secure, I never tried it, so you will need to test it...

http://wakeonlan.me/kb/net/tplink_wol.php
  0  
  0  
#8
Options
Re:TD-W8970 - Open port 7547 / Config issues
2013-04-17 16:53:33
Hi All,
TP-LINK has released new firmware to fix this problem,,,
link: http://www.tp-link.com/en/support/download/?model=TD-VG3631&version=V1#tbl_j
release note: Fix the problem that port 7547 can be accessed even though CWMP is disabled.
  0  
  0  
#9
Options
Re:TD-W8970 - Open port 7547 / Config issues
2013-04-17 20:17:43

peter wrote

Hi All,
TP-LINK has released new firmware to fix this problem,,,
link: http://www.tp-link.com/en/support/download/?model=TD-VG3631&version=V1#tbl_j
release note: Fix the problem that port 7547 can be accessed even though CWMP is disabled.


Good news, but that's for TD-VG3631.
Let's wait they release the same fix for the other models now (including the W8970).
  0  
  0  
#10
Options
New FW for TD-W8970 - Fixes open port issue.
2013-04-17 20:19:02
Hi Peter,
Thanks for the heads up on this.
Just checked Mr Wolf's post and it seems that we will need to wait for the TD-W8970 update as this is for another router.

Cheers
Mark
  0  
  0  
#11
Options