Avast Alert.... Open port 7547

I have recently installed the Plusnet Hub Zero 2704n Router; a router provided by Plusnet, a UK ISP.
During a WiFi Inspection performed by the Avast Antivirus software installed on my PC, an alert has been identified claiming the router has not been configured correctly.

The Avast Antivirus software states:
Your device currently has a needlessly large attack Surface, which makes it easier for potential hackers to reach your data.

Open ports reachable from address: 87.113.xx.xxx

Open ports reachable from the Internet include: 7547

Vulnerability ID: HNS-WAN-ACCESS


I don’t want to use a Broadband WIFI connection that my Antivirus software has identified as an Alert, a Security Risk and open to potential attacks from hackers and is therefore, unsecure.

Further enquiries have revealed that Port 7547 is open and open to the public, therefore my private and personal internet activity maybe monitored or compromised by unauthorised third parties.

Additional information, which I’ve found online states:
The Router has vulnerability on port 7547 in “Allegro RomPager” that can allow an attacker to access your home network and launch attacks from your router on others

Plusnet have replied and stated:

[i]The port in question is the one that allows auto configuration of the router either on first set up or when the main authentication password is changed, it can automatically be updated on the router.

This is why we advise that your router is on during a password change.

I’m afraid that we are unable to close this port off without having your router experiencing issues. You may be able to port forward the port elsewhere but this can also stop any automatic configuration of the router. [/i]

Although Plusnet make reference to port forwarding, apparently, it’s not an option available on my Router.

Plusnet, appear to be dismissing the Avast Security Alert and my concerns !

Is the open port 7547 a serious security risk, one which I should be concerned about, which Plusnet should resolve?

Avast is the agent informing you of a possible configuration/safety issue with your router. Your question really is not about Avast but about your router and possible problematic settings.

I’d suggest a site such as this one and, if their answer works for you, let us know.

https://www.bleepingcomputer.com/forums/f/21/networking/

Allegro RomPager:

https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=28015

https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=24686

Affected Allegro RomPager 2.10, 2.20 Response RomPager 2.20 was released in December 1998 and is not susceptible to this problem. Users of affected equipment should contact the vendor of that equipment for fix information. Manufacturers of affected equipment should contact Allegro. Contact information for Allegro is available at http://www.allegrosoft.com

I posted on this forum because it’s the Avast Antivus that’s creating the Alert and claiming that my device currently has a needlessly large attack Surface, which makes it easier for potential hackers to reach your data.

I also expected other Avast users to have experienced the same issue and thought they would share their experience and advise.

My router is provided by my ISP (Plusnet) and it arrived configured; all I had to do was plug it in and connect my devices by entering the password/keys provided.

Since the Open port Alert became apparent; I’ve accessed my router online and port forwarding is not a changeable option and other than changing my admin user name and password/access keys, I’ve no idea what to do.

Plusnet are dismissing my concerns but won’t confirm whether my WiFi Broadband Connection is private, safe and secure,

How and why has Avast identified port 7547 as open and a Security Risk;

I appear to be stuck in the middle !

Has no one else on this forum been alerted by Avast to open port 7547 ?

It’s your router. Unless someone has the same router, they aren’t going to get that message.

According to an article here:
https://www.wordfence.com/blog/2017/04/check-your-router/

I think there’s more to it than it only being my router.

bob3160, based on your reply; if I acquire a new router will the vulnerability and the open port 7547 go away ?

Not necessarily. You’ll need to do some research to see if the router you are considering has updated firmware that fixes this vulnerability.

Should this not be the responsibility of my ISP, who provided an own brand router ?

Ultimately, the security of your system and any internet connected devices is your responsibility.
It’s your information that’s at risk. You can demand that your ISP supply you with a safe router but,
in the end, the responsibility is still yours.

I disagree, I pay my ISP to provide a service and included within that service is a router.

The service I’m paying for and the equipment provided to access that service should be fit for purpose and the connection through that service should be secure and not compromise my privacy.

Caveat Emptor:
The principle that the buyer alone is responsible for checking the quality and suitability of goods before a purchase is made.

About all you can do is change the admin name and create a complex (non-default) password it seems. The router belongs to Plusnet and not to you, unless you actually purchased it.

Fortunately, here in the UK, a new product purchased has to be fit for purpose and of merchantable quality.

Should an new item be purchased that has a defect or a manufacturing fault, the buyer can request a full refund; claiming a loss of faith in the brand or a particular product.

If bought online or via mail order, under the distance selling rules, a faulty new item can be returned at the retailer/sellers expense.

Otherwise, within the first 6 months of purchase it is the retailer/seller to prove the new item is not faulty or suffering from a manufacturing defect.

However, my router is part of an ongoing service contract, therefore, I can only assume the same legislation applies.

However, although I appreciate all replies in response to my post, please don’t muddy the waters further by adding legal arguments.

As I stated in my original reply, You have a right to demand a secure router from your ISP.
It is still up to you to do so. It is your information and your responsibility to keep it safe.
You need to pursue this.
Avast advised you of the vulnerability it is now up to you to fix the problem. What ever that may entail.

Yeah, I already know this and that’s why I’ve turned to this forum for assistant.

Plusnet are dismissing my concerns, claiming my router isn’t affected and haven’t provided an answer as to why Avast has identified port 7547 as open and a Security Risk.

I guess Plusnet are attempting to imply Avast has identified a false Alert.

Since you’ve entered a legal binding agreement with PlusNet for their services, it is time to read the fine print in their/your contract. Somewhere in there there should be a section about your router or router(s), and what your options/legal rights are.

With this issue, I wouldn’t assume anything.

All Avast did was let you know there was an issue with a vulnerability dating back to 2005. With a vulnerability this old, not likely at all this is a false positive, especially given the fact that firmware updating for this vulnerability has been lax at best.

Surely a Security Issue dating back to 2005 shouldn’t be apparent on router supplied roughly 2 months ago and 13 years later ?

However, I’m not accusing Avast of anything, I only posted on this forum as I believe other Avast users may of encountered the same issue.

Although the Alert identifies the router has having an open port, it’s my believe the issue lies within the broadband internet connection, otherwise would a replacement router resolve the issue ?

You can try GRC web port scanner here: https://www.grc.com/x/ne.dll?bh0bkyd2

Click Proceed to go to the next page. You’ll need to manually enter your custom port number for scan results; the router UPnP scan is also useful.

My port shows as stealth.

I assume I used the link provided correctly; after proceeding to the next page, I entered 7547 and selected " User Specified Custom Port Probe ’ only to receive a FAIL

Stating: 7547 OPEN Unknown Protocol for this port