I just noticed that our shadowserver monitoring has been flagging R-Series routers since 3-4-21 as snmp accessible. I have to track back to what is going on, we have been working on templates.
The impacted units do have snmp enabled with default credentials (probably a mistake in the template) but remote SNMP Login is DISABLED, and we have allowed hosts ACLs defined.
These devices should not be responding to the shadowserver scans from the WAN, yet they are.
We are going to push a template to disable snmp on these units, and correct the template we had been deploying if it is the case its enabled. but be aware thet allowed hosts and disabling remote snmp login does not stop snmp access