CWMP (CPE WAN Management Protocol, where CPE stands for Customer Premises Equipment and WAN for Wide Area Network) is a protocol for controlling user equipment over the Internet (i.e., not over a local network).
The protocol allows communication service providers to run one or more ACSs (Auto Configuration Servers) and perform various remote actions through them:
- Update firmware;
- Access log files;
- Run diagnostics.
The TR-069 specification, which describes the protocol, is used as a synonym for CWMP.
The SSL/TLS protocol is used to secure the connection, and the list of parameters sent is clearly defined in the specification. Despite this, many manufacturers do not fully comply with the standard, and vulnerabilities appear as a result. After taking over the ACS or intercepting the channel between the ACS and user devices, attackers can gain access to all devices supporting TR-069. The infected devices could later be used for DDoS attacks.
To reduce the risk:
- Always change default passwords to secure ones;
- Change passwords regularly;
- Update internal device software if possible;
- Disable unused services on your device;
- If the device is only used on a local network, disable access to it from the Internet, either entirely or for specific ports;
- If your device needs to be accessible from the Internet, limit its availability by IP addresses, IP networks, and countries;
- Check the availability of the device from the Internet.
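
The following is an added example, not part of the original article: a small offline check of a device's CWMP client settings against two of the points above, namely that the ACS URL uses TLS and that no credential is empty or a common default. The parameter names follow the TR-181 `Device.ManagementServer.` object; the sample values, the weak-value list and the finding codes are constructed for illustration.

```python
from urllib.parse import urlparse

PREFIX = "Device.ManagementServer."  # TR-181 object holding CWMP client settings

# Constructed sample of exported settings; every value here is made up.
SAMPLE = {
    PREFIX + "URL": "http://acs.example.net/cwmp",
    PREFIX + "Username": "cpe-001A2B",
    PREFIX + "Password": "admin",
    PREFIX + "ConnectionRequestUsername": "",
    PREFIX + "ConnectionRequestPassword": "",
}

# Assumption: a short illustrative list of weak values, not an exhaustive one.
WEAK = {"", "admin", "password", "1234", "12345678", "default"}


def audit_cwmp(params):
    """Return (code, message) findings for a dict of CWMP client settings."""
    def get(name):
        return str(params.get(PREFIX + name, "")).strip()

    findings = []
    url = urlparse(get("URL"))
    # Without HTTPS the channel between the device and the ACS has no TLS protection.
    if url.scheme.lower() != "https" or not url.hostname:
        findings.append(("acs-url-not-https",
                         "ACS URL is missing or not HTTPS; the ACS channel is not protected by TLS"))
    # Credential the device presents to the ACS.
    if get("Password").lower() in WEAK:
        findings.append(("acs-password-weak",
                         "password used towards the ACS is empty or a common default"))
    # Credentials the ACS must present when it contacts the device.
    if not get("ConnectionRequestUsername") or get("ConnectionRequestPassword").lower() in WEAK:
        findings.append(("connreq-credentials-weak",
                         "connection request credentials are empty or a common default"))
    return findings


if __name__ == "__main__":
    for code, message in audit_cwmp(SAMPLE):
        print(f"{code}: {message}")
```

The input is a plain dictionary, so the settings can come from any export of the device configuration; an empty result means none of the three checks fired.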