Ok, I too have a TP-Link Wi-Fi Card, a modem-router from ARRIS (motorola) and AVAST. Same false positive result. AVAST states my router is vulnerable, because it can be "accessed by my ISP". Now, clearly, if my ISP (MIDCO) could not communicate with my modem router, then certainly could not even type these very words.
Same old security problem: If something is allowed to go from here to there, then something else might tag along without a permit. I don't know how to fix this,
one either is overprotective, or not protective enough. But meanwhile, AVAST should slightly expand its "whitelist.
Thanks