[Buge]

That router looks like its control panel is hosted on an external server. Router control panels usually show what devices are connected. So for router control panel functionality, they need to have the router report all connected devices to the server. Obviously they should be doing this encrypted, not unecrypted.

But ignoring encryption, this is the price you pay for cloud management: the could knows your data.

[philjohn]

Remember, the TR-069 traffic starts at your device, and terminates at their end, it's not making it out onto the public internet, it's entirely within the ISP network.

That's not to say it still shouldn't be encrypted, but with a FTTH connection using a PON network there's already physical layer encryption going on typically, otherwise a custom configured ONT could snoop on other peoples traffic on the same segment.

[tinus_hn]

> otherwise a custom configured ONT could snoop on other peoples traffic on the same segment.

Why would an ISP care about that?

[Buge]

If there's already encryption, how did the author snoop on the content?

[Teever]

> it's not making it out onto the public internet, it's entirely within the ISP network.

What if technical support is outsourced to a call-center in India?