Hello Swinog,
we've recently audited a small network and found that the customer configured devices were relatively secure configured. However the Swisscom Router/WiFi device (Zylex P-870HN-53b) seems to have the old uPNP exploit with a firmware that is not being updated anymore (upnp was disabled though - so this is hopefully not a big issue).
However, when scanning the router from outside, the port 7547 is openly reachable from the internet, which turns out to be TR 069 [0].
My question to the list is, if anyone can comment on the security of TR-069? And if it is a potential or real security problem to have the port open world wide?
We have never used TR-069 it so far, but my assumption would be that this port should only be reachable from a Swisscom admin network, however it is open world wide. As far as I can see the communication on port 7547 is plain http with http auth, which doesn't look very safe to me.
Does anyone here use TR-069 and if so, what is your the default policy for accessing the port?
Thanks a lot for your help and greetings from the last snow!
Nico
[0] https://en.wikipedia.org/wiki/TR-069