NewSky Security research lead Ankit Anubhav, who discovered the open port and dubbed the issue ForgotDoor, said any router which had port 10000 open could be easily accessed and controlled by attackers. A total of 975 routers were observed to be vulnerable.
Once one had access, the password could be changed from the settings menu; getting that access was very simple if the default credentials had not been changed.
Anubhav said the routers were connected to multiple devices which meant that these devices too would be open to compromise.
Douglas Mun, deputy director in charge of SingCERT at the Cyber Security Agency of Singapore, was quoted as saying: "The ISP Singtel has disabled port forwarding to port 10000 for the affected routers. Root cause: Port forwarding was enabled by their customer service staff to troubleshoot Wi-Fi issues for their customers and was not disabled when the issues were resolved.
"ISP Singtel will be taking measures to ensure that port forwarding is disabled after troubleshooting has completed."
Anubhav said that one way to cut down on attacks was to let IoT devices connect via non-standard ports.
"For example, setting up SSH on an unusual port can save the device from a lot of brute-force attacks that are designed to attack the default SSH port (which is 22).
"However, this practice should never be considered as a replacement for basic IoT security. With easily available crawling scripts and services like Shodan, it is easy for attackers to find out such unusual ports being used."