Weak Password found out on scan with wifi inspector solution?

[jraju]

Hi,
             Scanned with wifi inspector and found that my router is vulnerable to attak as it contains weak password.
I have changed the admin password to some difficult alphanumeric and also changed the user name and password. But still it shows as weak password. Moreover, i could only change the admin password, could not change the user name. As it is asking old password, which is now a changed password. There is no provision to chane the admin name.
What is the solution to this problem,

[Eddy]

If your router has a password reminder/reset function, disable it.

Routers provided by a ISP always have a back-door so they can access the router (for e.g. firmware updates, reset, etc.)
To change that you need to get access to the routers OS/firmware to change it.

This detection is often also solved by installing the firmware from the manufacturer and not using the ISP's firmware.

[jraju]

Hi, Eddy thanks
                 i obtained firmware update file thro email from my dlink manufacturer. But the file is a kind of img file. can i proceed to upgrade the firmware. How firmware update has to do with weak password. pl elaborate on that. Will the img file if browsed would upgrade the router, when computer is running? my version is 1.02, where as now downloaded thro email version 1.1.0.
               Should i need to change the file format before attempting upgrade? pl guide me. what is the benefit of the update firmware ?
when i searched the dlink support, i get this news
The firmware file should be a .bin file. In some cases the firmware is in a .zip format. If so, please extract the .bin file using the built in Windows extractor or using Winzip/WinRar.

[Eddy]

If it is a image file you very likely have to create a (bootable) CD/DVD/USB with it and use that.

This is one of the tools (free) that can do so > http://www.imgburn.com/

[jraju]

The GRC shields up results of my ports on the router test in their website
GRC Port Authority Report created on UTC: 2017-04-28 at 10:30:00

Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
                            119, 135, 139, 143, 389, 443, 445,
                            1002, 1024-1030, 1720, 5000

    0 Ports Open
    0 Ports Closed
   26 Ports Stealth
---------------------
   26 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: PASSED - ALL tested ports were STEALTH,
                   - NO unsolicited packets were received,
                   - NO Ping reply (ICMP Echo) was received.

[jraju]

Hi, Eddy,
             I just clicked the hidden user and pw of wifi inspector log. It shows the vulnerability. There was a user provision besides the admin in my router. The password is the same as user and hence wifi inspector found it vulnerable. But i have changed the admin password to difficult guessing. But i do not know , how to change the user name. If i change the admin password, it asks to confirm in the pw section of the router page, before modifying it. But in user case, it simply exit with it. when i scan again , the same message of weak password. If you give any clue, then this problem will go off.
              i cannot delete the provision of user as well

[Eddy]

If you can change a username and/or password depends on the firmware.

[jraju]

Hi, Eddy,
          The latest information. The user change of pw accepted and the scan shows no vulnerability. Thanks for the advice of upgrading the router. But still one doubt. Would the usge of imgburn, would turn it to a iso file rather than bin file. It is also not clear how the bin file could be made to upgrade in the absence of computer running.
I really appreciate the technical team for giving this wonderful tool, wifi inspector to safeguard home routers especially, which is prone to attack.
                  It is interesting to find that avast one time alerted that my port 7547 is open. When i went to see inside the router, i could not , but , dazed that a url not at all related to my ISP, is using that port and getting some information on 86400 times set. I do not know how to close it. I just opened the windows firewall advanced settings, and selected that port to be blocked. I think this will also stop the router access by anybody. Your idea on this . pl?.
                    It is cumbersome procedure to close the open port. Moreover, whenever i delete the url , it is getting back in to the same place. Vulnerablity of port 7547 is felt strongly now. Even worldfence website gives more on that port vulnerability. I am enclosing the latest green signal

[Eddy]

Windows firewall will only block access through that port to your system, not to your router.

A img file is kinda the same as a ISO file.
You use it to create a (bootable) medium, depending on what the img file is supposed to be.
ImgBurn extracts everything from that img/ISO file.