Description
This report identifies hosts that have the CPE WAN Management Protocol (CWMP) running and accessible on the Internet.
Assessment
The entries in this report are hosts that have the CWMP service open towards the internet. If this service is poorly implemented, it can be hijacked by an attacker through man-inthe-middle attacks (e.g. DNS redirection). The likelihood is considered medium because most CWMP implementations are not vulnerable. Manual verification is required. The impact is set to high as exploiting this service can result in a Remote Code Execution.
Recommendations
• Block access to ACSs and CPEs from outside of your network.
References
Shadow Server – Open CWMP Report
Shadow Server – CWMP Scanning Project
Wikipedia – TR-069