Contrary to your statement "My Home Hub failed this test, so it's reasonable to assume that everybody else's will too".

Having used a few different "Port Checking" websites and checked the port on a couple of Homehubs I found that the port was closed on them.

@KRD

During the December router attack there were no instances of BT Hubs being involved.  I'm not a fan of Hubs but they seemed to weather that particular storm intact.  The port may not be stealthed but no instances of Hubs being recruited have been established.

A little info here:

http://www.bbc.co.uk/news/technology-38167453

So no reason to be concerned or cause panic with less knowledgeable users.

KRD - I'm in the same boat and agree they should be fixing this right away. It's totally irresponsible not to act. 

It was not my intention to cause a panic! I raised the issue over the telephone with BT Tech Support who advised me to post the issue to this forum. So I provided as full information as I have.

My reported failure of the Wordfence security test may be a false positive or it may have revealed a problem that needs fixing. either way, I would expect BT to come back to this forum with an authoritative response to put all our minds at rest.

I am grateful to you for posting this here, as I have also recieved the same update from Wordfence, and having tested my BT home hub, it also shows that the router has port 7547 open and may be vulnerable.

Here is the advice from wordfence:

'What to do with the results

If you are vulnerable, we recommend that you:

• Immediately reboot your home router. This may flush any malware from your home router.
• Upgrade your router firmware if you can to the newest version. Close port 7547 in your router config if you are able to. (Many routers don’t allow this)
• If you can’t upgrade your own firmware, immediately call your ISP and let them know you have a serious security vulnerability in your home router and you need help fixing it. You can point them to this blog post (https://www.wordfence.com/blog/2017/04/check-your-router/) for more information. Let them know that your router has a vulnerability on port 7547 in “Allegro RomPager” that can allow an attacker to access your home network and launch attacks from your router on others.
• Run a virus scan on all your home workstations.
• Update all home workstations and devices to the newest versions of operating system and applications or apps.
• Update any firmware on home devices where needed.

If you are not vulnerable, but port 7547 is open on your router, we recommend that you:

• Reboot your home router immediately. You may suffer from other port 7547 vulnerabilities.
• Upgrade your router firmware if you can.
• Close port 7547 on your router if you can. (Many routers don’t allow this)
• Contact your ISP and let them know that port 7547 on your home router is accessible from the public internet. Let them know that port 7547 is used by your ISP to manage the router. It should not be publicly available. Suggest that they filter access to that port to prevent anyone on the public internet accessing it.'
  
  I hope that BT addresses this before it becomes a major issue for them that would impact on their reputation. Looking forward to a response and positive action.

Have you guys got any software installed that uses some form of Licence Management?  That could be the reason for the oddity with your port.

I also received the alert from Wordfence and ran their test indicating my router was vunerable.

It also alerted me to the fact the router's call home feature to update the firmware wasn't working, so my firmware was 9 months out of date.  I had to factory reset my router several times this morning to force an update. This was extermely concerning.

Once the update was installed, my router got the all clear and the port was closed.... for about 20 minutes... when it once again became vunerable.

It should be very simple for BT to block internet access to this port via a simple corporate firewall rule

The port is used to communicate using TR-069, a technical specification for remote management of end-user devices. It should only be open between the ISP and the remote device.  This is basic network security.

To quote the wordfence blog...

Your ISP should not allow someone from the public internet to connect to your router’s port 7547. Only your ISP should be able to access this port to manage your home router.

No reason to be concerned or cause panic?  I disagree. Just because the router hasn't been hacked yet doesn't mean that it wont be.  BT should take immediate action now to protect it's customers from a very real threat.

We should all be extermely concerned that BT are not doing anything about this.

My SmartHub has 7547 open too. This a home installation and not we are not running anything like licensing software.

There are a lot of TR69 ConnectionRequest Failed entries in the log.... 

I've put in several calls to BT today regarding this, but ended up bouncing from one support team to another, occasionaly being referred to the paid subscription 'Tech Experts' service, which I keep refusing to accept as a solution. I've been told to call 0808 100 4332 tomorrow, but I'm a little skeptical.

Any BT security engineers able to shine any light on this?