Avast network scan - incorrect results ?

After network scan - I have 2 issues:

  1. Weak password
  2. Vulnerabilities rom 0

My router: TP-Link TD-W8951ND

About 1: My router password has 15 characters (big letters, special signs, numbers etc) Why does Avast suggest that this pwd is weak ??

About 2: I have just changed router config according to this tutorial: http://tplink-forum.pl/faq-konfiguracja-tp-link-a/jak-sprawdzic-czy-router-adsl-firmy-tp-link-jest-zabezpieczony/ (screens in english)

According to router producer, after this change bug with vulnerabilities rom 0 is protected. Why does Avast suggest issue in this case ?

Please run this test and let us know the outcome > http://rom-0.cz/index/

The ROM-0 vulnerability can not be solved by changing settings.
It needs a firmware update where the problem is fixed.

I will run tomorrow (at the moment I don’t have any access to that computer).

But after these settings: http://tplink-forum.pl/faq-konfiguracja-tp-link-a/jak-sprawdzic-czy-router-adsl-firmy-tp-link-jest-zabezpieczony/
access from WAN to router is impossible. Only from local network. So from outside LAN nobody has access to router settings ? Am I wrong ?

What about issue with weak password ? I changed default password to quite long and untypical…

I run test, outcome:

Address is probably not vulnerable

So… everything is fine ?

Maybe avast scanner uses ip (during scan): 192.168.1.1 instead of external computer ip ? What do you think ?

What about issue: weak passwsord ? Any ideas ? Is Avast contains any additional logs/messages from scan ?

Thank you.

----- EDIT

Sth is wrong.
Yesterday I run default settings on router and I changed password admin to my untypical password.

And after avast scan, I have information:
Weak password, Username: user, Password: password.

When I try to login to router with this credentials user/passwrod - I have an access to router !!!
My second password (difficult) works too.

Is it a serious situation ?
Someone took control on my router ?

Are you sure you acknowledged the password change ?
Because if it resets to default name/password there sure is something not correct.
Depending on the ISP’s policy you should at least be able to change the password.

As for how avast scans/checks, that is for someone from avast to answer.

default password (ater reset): admin/admin

I changed pwd to: admin/mydifficultpwd

additionally after this change router has second password: user/password !!!

Why ?

Maybe someone took control on one local computer and from this ‘local computer’ modified router settings ? (omitting rom 0 bug from LAN) ?

I suspect your ISP is responsible for the name/password.
They almost always have a “back-door” so they can remotely login/run firmware updates.
I would say ask them and see what they tell you.
Keep in mind that they are not always exactly honest about things like this :wink:

I thinki it is really strange. My ISP is the biggest company in my country…

Are you sure that it is change from my ISP ?

Size of the ISP doesn’t matter.
They all have (sort of) the same policy and way they are working.

Yes, they do have a back-door build into their modems/routers.
Guess what it will cost if the need to send someone to all their customers to update the firmware :wink:

I don’t understand.

This router is my own router (not from my ISP).

Why my ISP may want to update my own router ??

Normally the modem/router is provided by the ISP.
It stays their property.

If you have bought it in a store, you should ask the modem manufacturer about what is going on and how to change things.

Yes, I am talking on other forum with router provider.

They said that this additional pwd is not connected with this ISP or their company.

But to be honest, I think that avast was really helpful with this scanner (avast found this strange credentials user/password).

Maybe guys from Avast have any additional ideas ?

Hmm, if it is not your ISP and the manufacturer also doesn’t know it…
I would get the latest firmware for the router and install that.

Wish to report the same problem with Avast and my TP-Link modem/router.

It’s my device - never owned or touched by the ISP. The out-of-the-box userid/password is admin/admin. That was changed in the first hour. It is not possible to log into the device with those values.

Avast reports:

Router
    TP-Link
    IP: 192.168.1.1
   Weak Service password found: username: admin password: admin

That report is simply wrong.

Reported to Avast. Requested a reply.

Same thing happened to me on my home router.

Avast claimed that I have a weak router password. So I was like haha, what a bullshit I am not stupid and have strong password. But then I looked to the log file and realized that my router has another user/user. :wink:

So I changed that one as well. I am afraid it’s configured by the manufacturer. It has less rights, but still can turn on/off wifi etc…

Hi Martin!

Well, I don’t think so, it’s Avast please see https://forum.avast.com/index.php?topic=197896.0!
And I have a router with no username and same result: admin, admin!!!

But the worst is this:
The network scan as part of Smart-Scan told me, that my router is ok. But the HNS-scan means, my router isn’t configuered quite right and I have a WEAK_PW!!!

I’m waiting for a fix since Dec, sent pm to lukor twice, no answer, but since March 3 I contacted KL by pm and he promised to help (talking to the devs). Since then, I’m still waiting.

:frowning:
=Snake=

Looks like I have a similar issue with my modem/router: TP-Link TD-W9970.

When running a network scan with Avast Free, I initially got two warning messages:

  1. Weak service password
  2. Weak wifi password

The latter was fair enough, and has gone away now that I have changed the wifi password on my router.

But the first is wrong, claiming that my login and password are both “admin”. These were the default values which I have already changed to less obvious things. I have just checked that admin/admin does not log into my router, so I am not sure why Avast is giving this warning.

Bluto

Ok, I too have a TP-Link Wi-Fi Card, a modem-router from ARRIS (motorola) and AVAST. Same false positive result. AVAST states my router is vulnerable, because it can be “accessed by my ISP”. Now, clearly, if my ISP (MIDCO) could not communicate with my modem router, then certainly could not even type these very words.

Same old security problem: If something is allowed to go from here to there, then something else might tag along without a permit. I don’t know how to fix this,
one either is overprotective, or not protective enough. But meanwhile, AVAST should slightly expand its "whitelist.

Thanks

You clearly don’t understand things.
Having a connection and a ISP that can access the router are two different things.
The last one means your ISP can access the router settings (and likely also the OS).

No, things like this should never be “whitelisted” as it is a security risk.
If your ISP can access the router settings, so can bad guys.