jgeboski/CWMP-INSTRUCTIONS

## CWMP-INSTRUCTIONS
Verizon FiOS (and possibly other ISPs) deploy CPE routers based on
OpenRG which enable CWMP (port 4567) by default. The CWMP protocol
enables remote management of the CPE device, however, the protocol can
also enable a remote attacker to obtain unwarranted access. The simple
solution is to disable the CWMP protocol, which is done below. Please
note, this operation is likely unsupported by ISPs, so do the following
at your own risk.

Information on CWMP: http://en.wikipedia.org/wiki/TR-069


First off, telnet support must be enabled via the web interface. On my
router (a MI424WR-GEN3I), it can be enabled via:
  Advanced -> Local Administration

Then, ensure the router actually has CWMP enabled:

$ telnet 192.168.1.1 23  # Router address may differ
$ conf print /cwmp/enabled

If the above prints `enabled(1)`, then CWMP is enabled. Proceed with:

$ conf set /cwmp/enabled 0
$ system reboot
	Verizon FiOS (and possibly other ISPs) deploy CPE routers based on
	OpenRG which enable CWMP (port 4567) by default. The CWMP protocol
	enables remote management of the CPE device, however, the protocol can
	also enable a remote attacker to obtain unwarranted access. The simple
	solution is to disable the CWMP protocol, which is done below. Please
	note, this operation is likely unsupported by ISPs, so do the following
	at your own risk.

	Information on CWMP: http://en.wikipedia.org/wiki/TR-069


	First off, telnet support must be enabled via the web interface. On my
	router (a MI424WR-GEN3I), it can be enabled via:
	Advanced -> Local Administration

	Then, ensure the router actually has CWMP enabled:

	$ telnet 192.168.1.1 23 # Router address may differ
	$ conf print /cwmp/enabled

	If the above prints `enabled(1)`, then CWMP is enabled. Proceed with:

	$ conf set /cwmp/enabled 0
	$ system reboot