Hello,

I just got a Archer MR400 and setting it up, I wanted to disable management port 80, and enable the management port on 443 using https, and I noticed this was not possible tru the configuration interface.

The configuration interface will allow https port, if selected, but there is no option to disable http port 80 for local management.

Then I proceeded to port scan the Archer MR400, I got:

# nmap 10.0.2.1

PORT     STATE SERVICE
22/tcp   open  ssh
23/tcp   open  telnet
53/tcp   open  domain
80/tcp   open  http
443/tcp  open  https
1900/tcp open  upnp

Port 23 is accessible with telnet, and modem admin passwords logs you in, to a busy box like terminal

Port 22 is ssh, but admin password will not work even though key algotihm ssh-dss is added to ssh config

Port 80 is local management interface.

Port 1900 is for upnp and required.

I need to shutdown or filter port 22, 23, and 80.

Since this is a 4G modem, where bandwidth is paid for the user, better level of security is needed than a regular dsl modem/router.Not only these open ports 22 and 23 are documented, but there is no way to turn the services off, and the tp-link interface accessible from telnet only provides simple commands.

The ssh port is accessible, but who knows which account, and which password is required to login. A simple configuration command could filter these ports, so at least they are not accessible, as in products that are in the same class.

These are massive oversights in TP-Links part. Please devise workaround and/or come up with new firmware revision.

Best Regards,

C.