Updates on CyberSecurity, WordPress and what we're cooking in the lab today.

Check if Your Home Router is Vulnerable

This entry was posted in General Security on April 11, 2017 by Mark Maunder   103 Replies

At Wordfence, we make a firewall and malware scanner that protects over 2 million WordPress websites. We also monitor attacks on those sites to determine which IPs are attacking them and we block those IPs in real-time through a blacklist.

Tuesday morning we published a post showing how 6.7% of all attacks we see on WordPress sites come from hacked home routers. In the past month alone we have seen over 57,000 unique home routers being used to attack WordPress sites. Those home networks are now being explored by hackers who have full access to them via the hacked home router. They can access workstations, mobile devices, wifi cameras, wifi climate control and any other devices that use the home WiFi network.

Half of the internet service providers we analyzed have routers with a very specific vulnerability. This vulnerability is known as the “misfortune cookie”. We will call it the MC vulnerability for short. It has been known for a few years and was first disclosed by CheckPoint in 2014. It is now being used to hack home routers. Using the tool below you can tell if you have the MC vulnerability.

The MC vulnerability exists in a service that your ISP uses to remotely manage your home router. That service listens on a “port” number, which is 7547. Besides the MC vulnerability, this port can have other vulnerabilities, one of which was disclosed a few months ago. Researchers have been discussing the dangers of port 7547 in home routers for a few years now.

Your ISP should not allow someone from the public internet to connect to your router’s port 7547. Only your ISP should be able to access this port to manage your home router. They have the ability to configure their network to prevent outsiders from accessing that port. Many ISPs do not block public access to port 7547.

You can use the tool below to determine if your port 7547 is open to the public internet. If it is, we suggest you contact your ISP and ask them to prevent outsiders from accessing that port on your home router. Even if you aren’t vulnerable to one of the two vulnerabilities we posted above, future vulnerabilities may emerge on port 7547. By blocking public access you will protect yourself and your home network.

Check if you are vulnerable

To use this tool, simply click the ‘Scan me’ button and we will check the IP you are visiting this site from to determine if port 7547 is open on your router and if it is vulnerable to the misfortune cookie vulnerability.

This test attempts to connect to your home router port 7547 to see if it is listening and it grabs the response from that port and analyzes it. It is quite safe and if your port 7547 is publicly available, it already receives many scans like this every day from hackers and security professionals.

Scan me

What to do with the results

If you are vulnerable, we recommend that you:

  • Immediately reboot your home router. This may flush any malware from your home router.
  • Upgrade your router firmware if you can to the newest version. Close port 7547 in your router config if you are able to. (Many routers don’t allow this)
  • If you can’t upgrade your own firmware, immediately call your ISP and let them know you have a serious security vulnerability in your home router and you need help fixing it. You can point them to this blog post (the page you are on) and this CheckPoint website for more information. Let them know that your router has a vulnerability on port 7547 in “Allegro RomPager” that can allow an attacker to access your home network and launch attacks from your router on others.
  • Run a virus scan on all your home workstations.
  • Update all home workstations and devices to the newest versions of operating system and applications or apps.
  • Update any firmware on home devices where needed.

If you are not vulnerable, but port 7547 is open on your router, we recommend that you:

  • Reboot your home router immediately. You may suffer from other port 7547 vulnerabilities.
  • Upgrade your router firmware if you can.
  • Close port 7547 on your router if you can. (Many routers don’t allow this)
  • Contact your ISP and let them know that port 7547 on your home router is accessible from the public internet. Let them know that port 7547 is used by your ISP to manage the router. It should not be publicly available. Suggest that they filter access to that port to prevent anyone on the public internet accessing it.

How you can help

According to Shodan, a popular network analysis tool, over 41 million home routers world-wide have port 7547 open to the public internet. We are trying to get the word out to home users and ISPs to block this port and patch any vulnerable routers. This will help reduce attacks on the websites we protect and, far more importantly, it will help secure over 41 million home networks.

We found over 10,000 infected home routers in Algeria who use Telecom Algeria for internet access. These are home networks that have already been hacked. We found over 11,000 hacked home routers in India with BSNL, another major ISP in that country, where the routers have already been hacked. Let’s help secure our fellow internet citizens and prevent others from having their home networks compromised.

You can help by sharing this post and empowering home users to check if they are vulnerable. They can then contact their ISPs with the information and this will gradually cause ISPs to close port 7547 to outside access and to disinfect and patch vulnerable routers.

Did you enjoy this post? Share it!


4.16 (115 votes) Your rating:

103 Comments on "Check if Your Home Router is Vulnerable"

Irene April 11, 2017 at 6:33 pm • Reply

Thanks for taking the trouble, Mark. Being able to check one's home router is certainly very helpful.

Vikram April 11, 2017 at 8:24 pm • Reply

Mark, I'd like to extend to you my sincerest thanks for informing the public about such vulnerabilities time and time again. Your data studies and reporting is excellent.

I've been a Wordfence user for a while now and been reading your newsletter and blog since then. You always share some unique data in the WP security sphere and educate the netizens in what needs to be done to stay safe.

Also, after experiencing your plugins' superb functionality, I am thoroughly impressed.

I thought to myself if the free version was this good, how good the premium be? Well, I did subscribe to WF premium, and since then I am pretty relaxed when it comes to WordPress security.

My two primary needs (a firewall and a 2-factor auth for all users) both are handled beautifully by WordFence. On an average, I used to get anywhere between 10-50 brute-force login attempts daily, from IPs all over the world. This article explains how the hackers can automate and manage this process so well. Well, I'm sure this is just one of the techniques they use.

I'm glad I am using WordFence as I can laugh as those waves of brute force attempts crash against the WF firewall, Dual-factor authentication.

Educate yourself and follow the best practices, that's what I always say to our readers. Thanks for leading the way.

PS: I did scan my router and it was reported safe. Whew!

wclew April 12, 2017 at 8:46 am • Reply

Thank you so much for this tool! Can't say enough great things about WordFence.

Sterling Forums April 12, 2017 at 8:47 am • Reply

Installing Wordfence was one of the best decisions I've ever made regarding my online-website-Wordpress career.

chuckzwood April 12, 2017 at 8:49 am • Reply

You guys are great, thank you!!

Reine Johansson April 12, 2017 at 8:50 am • Reply

Great tool, great help! Lots of kudos!

Carlos Pereira April 12, 2017 at 8:51 am • Reply

Many thanks to you guys at Wrdfence !

As per your check my router is OK.

All the best and regards,

Carlos,grupo.paralaxe@gmail.com

Meagan April 12, 2017 at 8:52 am • Reply

Thank you for sharing this tool today! It was a relief to know my router is safe. I install Wordfence on every site. It's like having a silent business partner.

Kathy April 12, 2017 at 8:53 am • Reply

Can the scan be run accurately from a mobile device via WiFi?

Mark Maunder April 12, 2017 at 8:55 am • Reply

Yes. It will check whatever your public IP is for your mobile connection. So if you're using your home WiFi on a mobile device, it will check your home router as intended. If you're at a coffee shop, it will check their router. If you're connected via a VPN, it will check the exit node for the VPN, not your home router. If you're at the office, it will check the public IP for your office connection and if that's a router, it will let you know if that is insecure.

Rajat Gupta April 12, 2017 at 8:55 am • Reply

Thanks for the information. Since i cannot close the port 7547 myself, i will request my ISP for help.

Mark Maunder April 12, 2017 at 9:01 am • Reply

That's great Rajat. Let us know if they have any feedback.

Rochii April 12, 2017 at 8:56 am • Reply

"Your router is safe." :) huh !

Andrew Kelly April 12, 2017 at 8:56 am • Reply

Thanks for the utility. Great job and just one more reason to use Wordpress.

Mick Kozlov April 12, 2017 at 8:56 am • Reply

Tres echos of kudos above.

Well done.

Thanks.

~mak

waptug April 12, 2017 at 8:56 am • Reply

Great tool. Thanks for creating this for us to use. I always find your site full of great information.

michel April 12, 2017 at 8:57 am • Reply

Thanks very much for this helpful tool and your regular and very interesting newsletter /reports. Your report is one of the few newsletter that I read every time. Your premium version is worth every penny and I will strongly recommend it.

Paula April 12, 2017 at 8:58 am • Reply

Thank you so much for always providing important information to keep our devices and websites safe and secure. WordFence is the best!

Jack April 12, 2017 at 8:58 am • Reply

Thank you for the the warning and link to check security vulnerabilities. I will post it.

Bill Cumming April 12, 2017 at 9:00 am • Reply

I'm stuck here in the UK using BT's "Home Hub 6" router.

It's vulnerable and no way to manually block the port using their router.

have sent them a message about this, doubtful they will fix it quickly...

Mark Maunder April 12, 2017 at 9:01 am • Reply

Wow, first vulnerable router Bill. Thanks for sharing. Definitely reboot it immediately and then contact BT urgently.

RK April 12, 2017 at 9:29 am • Reply

The latest Plusnet router (which is the same as BT's/same company) shows up as safe, so they may be able to change the router to a later one?

Craig April 12, 2017 at 9:55 am • Reply

I would change router back to the hub 5 im on hub 5 bt and in uk and all is good .

James April 12, 2017 at 10:42 am • Reply

@ Mark

Does this malware use the same method of attack as mentioned in this old article?

http://www.ispreview.co.uk/index.php/2014/12/masses-broadband-routers-hit-misfortune-cookie-security-scare.html

Because in this article BT tested their routers and stated that they're unaffected. They clarify the point towards the bottom of that post in the updates section.

Thanks

Mark Maunder April 12, 2017 at 11:49 am • Reply

Yes we think these routers were exploited by CheckPoint's misfortune cookie vulnerability. I haven't read the post you linked to yet but can see MC referenced in the link (sorry, short on time). I'd also add that there's a new port 7547 (TR-069 service) exploit doing the rounds and more will emerge. They really should block the port from public access.

Jim Mahannah April 12, 2017 at 9:00 am • Reply

Thanks for this excellent post, Mark. You're doing great things!

Bill Peschel April 12, 2017 at 9:02 am • Reply

I'm very much relieved my router has been blocked, thanks to you. I'm looking forward to upgrading my service.

matt April 12, 2017 at 9:05 am • Reply

Thank you for this research and this testing utility

Eric Dubois April 12, 2017 at 9:17 am • Reply

Thanks for the tool.

Is the message "Your router is safe" unrealistically reassuring? Would it be more accurate to say "Your router's port 7547 is safe" since that's the only test performed and other vulnerabilities may still exist?

Mark Maunder April 12, 2017 at 9:35 am • Reply

Hi Eric,

I'm not sure I agree. I think we've made it clear we are only checking port 7547 and so the response can be interpreted as "Port 7547 is safe" (because it is closed). Thanks for the input.

Mark.

Eric Dubois April 12, 2017 at 11:36 am • Reply

The article is very clear and the first wave of users (mostly developers) understand it. But when average users test it (which hopefully will happen), many will only look at the button and the response without the context and misinterpret it as a clean bill of health.

Mark Nordeen April 12, 2017 at 9:24 am • Reply

You guys are like the Carrie Mathison of web security...always saving our butts!

Stephen April 12, 2017 at 9:25 am • Reply

Great article for which many thanks.

I have a BT Home Hub 6 - the port is open and now speaking to the BT Help Desk - I have forwarded them the link to the page to help them.

Heartfelt thanks for all you are doing to keep us all safe !

Dee April 12, 2017 at 9:29 am • Reply

Thanks for this Mark! I tested and am safe. I will share your post with my clients and friends. Wordfence, you and your team have been an invaluable service and source of up-to-date information.

Don Hill April 12, 2017 at 9:31 am • Reply

Thanks, Mark, for all you do... great job!

Jason G. April 12, 2017 at 9:33 am • Reply

Great tool! Thanks for sharing this! Am passing the word along to family and friends.

Andrew Sampson April 12, 2017 at 9:34 am • Reply

Mark - greatly appreciate what you do

Michael April 12, 2017 at 9:37 am • Reply

Great information and have passed along the informative article to my clients. Email alerts and emerging threats are great to receive. Thank you for keeping us informed and above all, your product! Michael

Rudi T April 12, 2017 at 9:37 am • Reply

Thanks so much for doing great things to protect networks worldwide. Going with Wordfence is the best decision I have made in years.

Wayne Cochran April 12, 2017 at 10:00 am • Reply

Great tool, I've passed it along to everyone in my office to make sure everyone is being safe at home.

Tony April 12, 2017 at 10:01 am • Reply

I checked my router with your scan and was informed that I have an open port. I then checked with my internet provider, BT and was informed that the open port poses no threat at all and I should ignore it? So now I have conflicting information and I am not sure what to do about it. I cannot see any way to close the port in question and BT are saying that I shouldn't even bother trying as it poses no threat to anyone?

Mark Maunder April 12, 2017 at 12:49 pm • Reply

We disagree. It may not be vulnerable, but an ISP management port should not be accessible to anyone on the public Internet.

Paul Bailey April 12, 2017 at 10:03 am • Reply

Thanks for keeping us informed Mark. You can't be too careful these days. My router is safe :)
And I use wordfence on my websites.

Peter Juselius April 12, 2017 at 10:09 am • Reply

Very much appreciated.

Thank you!

Eric April 12, 2017 at 10:14 am • Reply

Just posted this on my facebook page. Thanks for the tool.

Deb April 12, 2017 at 10:30 am • Reply

Thank you!

Bob April 12, 2017 at 10:32 am • Reply

Seems that Comcast/Xfinity is wide open and vulnerable.

Mary April 12, 2017 at 10:38 am • Reply

I am so grateful for WordFence. I have enabled premium WF on both my personal and work websites, and I can't imagine *not* having it. WF makes a dangerous web feel a lot more secure. Thanks!

Ed Smith April 12, 2017 at 10:56 am • Reply

Port 7547 is the Comcast public access Wi-Fi installed in over 16 million routers worldwide. I had already contacted them regarding hacking possibilities. They say it cannot happen. Of course, I am a realist. Anything can happen. One fixes vulnerabilities and the hackers learn how to do something new. It is simply a case of staying ahead of the chase. I would humbly like to add that all users of modem/routers install very strong passwords to login, as well as, for Wi-Fi registration. Sadly, there isn't much more that I can do in this case. While logged into the modem, I did see your tool test and DHCP IP address. In sum, there is not more I can do without upsetting the gateway 'apple cart'. Thank you very much Mark. I am considering your request for part-time engineers to help Wordfence. I have also checked my website and with multiple anti-malware software, I have any changes going to my inbox, automatically. Thank you, again for a great service. Sincerely, Ed Smith

Belen Gordon April 12, 2017 at 11:30 am • Reply

Thank you, to Mark and the Wordfence team for the tool and having our backs.

Norman Brown April 12, 2017 at 11:34 am • Reply

Thanks to Wordfence - we use your plugin on every site we design. And we really appreciate the ongoing support you provide with articles like this one.

D Caulfield April 12, 2017 at 11:52 am • Reply

Thanks for this. I ran the scan on my EE Bright Box. The result came very quickly. Safe!

Tyron April 12, 2017 at 12:16 pm • Reply

Thanks Wordfence for such a fast turn around and convenient tool

Oliver April 12, 2017 at 12:24 pm • Reply

Fortunately no 7547 open but I do have port 8088 open on a Vodafone router. My ISP won't close it. I've spent 2 weeks telling them this is a vulnerability but got no where.

Michael April 12, 2017 at 1:08 pm • Reply

This test is only valid if run from a computer that is *not* connected to a VPN or Tor. In these cases, you are not testing your router, but instead the VPN server or the Tor exit node.

Mark Maunder April 12, 2017 at 1:11 pm • Reply

Correct.

Donald April 12, 2017 at 1:35 pm • Reply

Great job as always. Thanks guys... you are the best. All good on my router.

Dawn April 12, 2017 at 2:32 pm • Reply

So glad to find out my router is safe - I wouldn't have thought to check that or have any idea how to go about it. Wordfence rocks. Thanks!

Eric April 12, 2017 at 2:58 pm • Reply

Thanks for your service. It is worth paying for the premium version to support your work!

Captain Jack April 12, 2017 at 3:13 pm • Reply

Well this post was something that everyone could use. I really like that your team is willing to expand the scope to the masses, not just WordPress users. It's a great idea to help protect the public from having their equipment from being compromised which in turn helps protect our websites. Now if we could somehow replace Log/Pass for something better. ;)

Nicky April 12, 2017 at 3:45 pm • Reply

Thank-you very much for that little extra peace of mind.

Bill Hartmann April 12, 2017 at 4:03 pm • Reply

Thanks guys. I'm pleased to see I not one of the contributors.

David Farr April 12, 2017 at 5:50 pm • Reply

I did the check and it said I was vulnerable but the warning code mentioned "Cisco..." I don't use a Cisco router. My Xfinity/Comcast modem/router is made by Arris. I called Comcast and they said none of my ports are open. I'm not sure what to do. I see others reporting that Xfinity is vulnerable. How do we tell Comcast this?

Mark Maunder April 12, 2017 at 9:04 pm • Reply

Hi David,

Can you please email me your public IP address and the exact data you got from our check tool. You can use whatsmyip.org to get your public IP. So check your IP and then re-verify what you saw, and then shoot me an email at mark@wordfence.com. I can investigate further and will share (privately) what we find.

Mark.

David Farr April 13, 2017 at 11:14 am • Reply

Hi Mark,

Thanks for your reply. I just sent you a personal email. Thank you!

Mark Maunder April 13, 2017 at 11:36 am • Reply

Thanks David.

Colleen April 15, 2017 at 6:28 pm • Reply

Could you please make public anything you find out from Xfinity/Comcast in the US? I also got the warning that the port was open and possibly vulnerable.I have an xfinity router made by cisco.
Thanks!

Mark Maunder April 16, 2017 at 10:24 am • Reply

We currently have no plans to research that ISP specifically.

Dale Neff April 12, 2017 at 7:47 pm • Reply

You guys are the best. Every time I think ok they are on top you come out with something better. It is amazing that you compete with yourself to keep out doing yourself. That is a sign of a true leader.

Lars Andersson April 12, 2017 at 7:52 pm • Reply

Your work is truly amazing, guys!
Almost makes me feel guilty for only using the free version ; )
Even though my router was not on the list, yesterdays post made me check my firmware version, and to my dismay discover that I never upgraded it when I installed my new router a few months ago! Ah well, unpleasant as it was to have to take time to do it, now it's done and I'm glad I did it - you never know...
Cheers
Lars

Mark Maunder April 12, 2017 at 9:02 pm • Reply

That's great Lars, nice catch!!

Mickey Hoh April 12, 2017 at 9:01 pm • Reply

Thanks very much for sharing this !!

jens April 13, 2017 at 12:09 am • Reply

So cool, just make a button for checking. How simple can you make it?
Really awesome work Wordfence, love to read the blogs :)

Thanks for al the work!

Jim April 13, 2017 at 3:55 am • Reply

Just checked my router now, it's safe. Thanks for the valuable piece.

Cathy Rust April 13, 2017 at 6:23 am • Reply

Hi Mark,
I found your plug-in through the Wordpress forum when I was having some issues with my site crashing. I've installed Wordfence on my site and it found some malware which had been causing some problems.
I'd like to thank you for the work you do to keep our sites safe and for providing these additional products to check our system to make sure they're not infected.
Thanks so much!
Cathy Rust

wclew April 13, 2017 at 7:17 am • Reply

Wow, tested last night and found my home router, provided by COMCAST, did have the vulnerability. Took almost an hour on the phone with them to get this resolved. I would guess that most of the COMCAST provided routers are configured the same (yikes!).

Mark Maunder April 13, 2017 at 8:49 am • Reply

Thanks for the feedback. I just want to confirm: So Comcast took action and they were able to close port 7547 for you?

Thanks.

Phil April 13, 2017 at 9:26 am • Reply

Thanks for the warning. I am safe, I sent your link to facebook, twitter and tumbler.

Kenneth C Young April 13, 2017 at 10:50 am • Reply

This post was very interesting and informative. It's sickening what hackers can do today and they should be putting their intelligence to better use.

I have ran the scan to see if my router is safe and I am happy to say that it is.

Kenneth C Young

Fabricio April 13, 2017 at 11:06 am • Reply

Hi Mark, the best for your and all your professional team. Thank you for this great tool.

Keith April 13, 2017 at 11:23 am • Reply

Rats. BT SmartHub - vulnerable and the user can't close 7547.

Thank you for the tool, and I agree with you that with these kinds of exploits in the wild, 7547 should not be publicly accessible.

Daniel Barber April 13, 2017 at 12:35 pm • Reply

Thanks so much for all the fantastic info, the solid software and for this particular warning and the tool for checking our routers. Rock solid on!

David Stevens April 13, 2017 at 5:42 pm • Reply

Another way to check your router for vulnerability and others is to use the utilities at https://www.grc.com. As always you stimulate me to ask more questions. Couldn't Internet Service Providers block all access external to their network to port 7547?

I hope you are working with ISPs to encourage them to clean up their vulnerabilities.

I wish there was a way to have Steve Gibson read about your research.

Danton April 13, 2017 at 11:51 pm • Reply

Thanks for this info. Was able to check my router with the tool

Victor April 14, 2017 at 7:36 am • Reply

Many thanks Mark, the scan was very useful. I live in one of the listed countries, have a ZyXEL modem-router and an ISP with abysmally poor support. Last week I had some Internet issues and tried to access my modem-router and could not. I ran your scan with the result "Your router is vulnerable. The port returned: RomPager/4.07 UPnP/1.0"

After ensuring I had all the settings needed, I did a reset and was able to gain access. On the Admin page I found: http://acs.telkom.net:9090/web/tr069 and a field for the port which was filled with 7547. The field could not be empty so I entered a figure above 50000 and tried the scan again. This time the massage was: "Your router is safe". Another door closed! Thank you again!

I spent half an hour on the telephone to my ISP Customer Service, but even after reaching a supervisor I realised that I was wasting my time, so I tried to get an e-mail address for someone to contact, but was told the only one was @customerservice. From experience I know that the mail box is always full.

I decided to check for firmware updates at Zyxel and found that the exact model of my router was not listed. There are hundreds of thousands of the same model in this country. Without a listed Model No., you cannot open the message field. I picked the closest one and entered the Serial No. and the SN(??), explained the issue in detail and clicked Send. A few minutes later, I received an e-mail: lUndeliverable: Zyxel【Contact Support】Delivery has failed to these recipients or groups: ZySG-Support@zyxel.com.sg!!! Checking Whois told me the server was in Taiwan, so complained to the postmaster and admin, but probably a waste of time.

Paul April 21, 2017 at 6:33 am • Reply

Thanks for the post :) - I had updated my firmware on my affected Zyxel router but being naive/stupid I didn't actually test it after update - I just assumed it worked. Turns out it didn't as this page and other apps flagged it up.

Having been back and forth with their support and two further firmware updates (their contact form is buggy if you try and contact them - sometimes the form company field needs to be left empty and the attachment field clicked but left empty) they want me to block the 7547 port manually. At the moment followed their documentation link they sent the port is still vulnerable.

So waiting to see if they can help me again if it still persists I guess I'll have to buy a new router.

Paul April 26, 2017 at 3:16 pm • Reply

Hi Victor

Sounds like your ISP and mine did the same thing - using the 7547 port to do updates. I updated the firmware and I disabled the ISP service in the end and back working :)

Amy April 14, 2017 at 8:35 am • Reply

THANK YOU !

You guys ROCK!!!!!!

:-)

Ertywek April 15, 2017 at 9:09 am • Reply

It says i'm safe ...

Joe April 18, 2017 at 3:06 am • Reply

When contacted, our ISP replied:

We do not have the ability to block any ports. That has to be done locally at pc or router level.

Can you provide more info to educate them???

Mark Maunder April 18, 2017 at 9:42 am • Reply

You should find out if your router is owned and operated by them or if it's your own equipment.

Joe April 18, 2017 at 3:05 pm • Reply

The router is ours and has been updated to the latest firmware - Linksys e1200. There is no visible option to block a port. Would moving to the Tomato firmware offer this option?

Mark Maunder April 18, 2017 at 3:38 pm • Reply

I'm doubtful that you're connecting to your own router. Wondering if there's a way you can verify it's actually your own router you're connecting to. Can you login to it and check what IP it has received on it's WAN interface and then try telnetting to port 7547 on that IP?

Joe April 19, 2017 at 7:35 am • Reply

The router is sitting here in my office. When I run your scan, it says vulnerable.

There is a DSL modem between the router and the wall connection - we checked and there is no updated firmware available for it.

Dennyariz April 18, 2017 at 9:59 am • Reply

I ran the scan,but received the following message: "An error occurred when trying to test your router."

Mark Maunder April 18, 2017 at 10:04 am • Reply

We have an issue with the scan currently. Working on a fix. Should be back up within 2 hours.

Mark Maunder April 18, 2017 at 10:11 am • Reply

It's fixed now. Was down for just a few minutes.

Lester Bauman April 18, 2017 at 3:46 pm • Reply

I have two routers, the one is my internet gateway and the second plugs into it to run my network. So I suppose that this tests the gateway? Is there anyway to test the one that is nested within that?

Paul G. Hackett April 19, 2017 at 10:01 am • Reply

Thanks for this post and free online tool to check if my homes router is insecure and how to make it secure if it is. This is the type of post & tool that I will take the time share on all the platforms I am associated with.

James April 20, 2017 at 3:46 pm • Reply

I ran the test and it tells me I have port 7547 open.
I login to my router and find no way to block the port.
I call Comcast/Xfinity to ask to have port 7547 blocked.
The tech tells me I am 100% safe because Port Forwarding, Port Triggering, and Remote Management are all disabled.
Does this sound reasonable?

Joe April 21, 2017 at 6:00 pm • Reply

Can anyone tell me if I change the firmware in a Linksys e1200 to the Tomato software will that then allow me to block the port?

Sherrey Meyer April 23, 2017 at 12:29 pm • Reply

Thanks for going to the trouble to provide the scanner. Fortunately, we came up safe. However, you have no way of knowing, and being provided an easy tool to find out is worth our gratitude many times over.

Paul April 26, 2017 at 4:33 am • Reply

After much too and fro it appears some ISPs used outside companies several years ago to manage router distribution and updates - they used the 7547 port to send updates.

So even with firmware updates vulnerability existed - now I've disabled this service the router shows as safe

Thanks sincerely for this post

Get the latest WordPress security updates and news

Sign up for WordPress security alerts, Wordfence product updates and security news via email.