I have an RV325 with firmware version 1.4.2.15 (the latest as of now). I recently performed the upgrade to this firmware.
I don't allow anything to connect to it from the outside except for port 443, which I have forwarded to an internal server. Remote management is disabled (the "enable" box is unchecked) on the Firewall/General screen.
I port-scanned the system from the outside using nmap. Surprise - TCP ports 8007 and 8008 were open. Even bigger surprise, port 8007 was the management interface - over HTTP (not HTTPS)! I was able to log in successfully.
I was able to mitigate this by creating a firewall rule to block these two ports from the WAN. But... if I hadn't run the scan, I would have never known this. As far as I can tell, there's no setting to either enable or disable this behavior. Isn't this a pretty major security flaw? How many people have these ports open and don't know it?
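
The outside scan described in this post can be turned into a repeatable check. The following is an added example, not part of the original post: it parses nmap's grepable output (`-oG`) from a scan of your own WAN address and reports every open port that is not on the intended allowlist. The address, the sample scan text and the function names are constructed for illustration.

```python
import re
import sys

# Constructed sample of `nmap -oG -` output from a scan run outside the WAN.
# 203.0.113.10 is a documentation address, not a real host.
SAMPLE_SCAN = (
    "# Nmap scan initiated (constructed sample)\n"
    "Host: 203.0.113.10 ()\tStatus: Up\n"
    "Host: 203.0.113.10 ()\tPorts: 443/open/tcp//https///, "
    "8007/open/tcp/////, 8008/open/tcp//http///, "
    "22/filtered/tcp//ssh///\tIgnored State: closed (996)\n"
    "# Nmap done\n"
)

# Ports intentionally exposed on the WAN side: only the 443 forward from the post.
EXPECTED_OPEN = {("tcp", 443)}

def open_ports(grepable_text):
    """Return {host: {(proto, port), ...}} for ports nmap reports as open."""
    found = {}
    for line in grepable_text.splitlines():
        m = re.match(r"Host: (\S+) .*?\tPorts: ([^\t]*)", line)
        if not m:
            continue  # comment and "Status:" lines carry no port list
        host, ports_field = m.groups()
        for entry in ports_field.split(","):
            # Grepable entry layout: port/state/protocol/owner/service/rpc/version/
            fields = entry.strip().split("/")
            if len(fields) >= 3 and fields[0].isdigit() and fields[1] == "open":
                found.setdefault(host, set()).add((fields[2], int(fields[0])))
    return found

def unexpected_exposure(grepable_text, expected=EXPECTED_OPEN):
    """Return sorted (host, proto, port) tuples that are open but not allowlisted."""
    return sorted(
        (host, proto, port)
        for host, ports in open_ports(grepable_text).items()
        for proto, port in ports - set(expected)
    )

if __name__ == "__main__":
    # Pass a file written by `nmap -oG <file>`; falls back to the sample above.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SCAN
    findings = unexpected_exposure(text)
    for host, proto, port in findings:
        print(f"UNEXPECTED: {host} {port}/{proto} is open on the WAN side")
    sys.exit(1 if findings else 0)
```

Run on a schedule and after every firmware upgrade, the non-zero exit status flags a newly exposed port without relying on anyone remembering to scan by hand.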