"This appears to be a consequence of TR-069 – aka the Customer-Premises Equipment WAN Management Protocol – which makes TCP/IP port 7547 available. ISPs use this protocol to manage the modems on their network. But the server running on that port is a TR-064 server and thus accepts TR-064 commands."
This is confused. Port 7547 isn't mandated by TR069, although the only port that needs to listen on a router for TR069 iis often 7547, that is for connection requests and should do nothing else than "phone home" to its TR069 server when an authenticated request is made.
Despite the similar numbers, TR069 and TR064 have no connection, and any CPE vendor running a TR064 server on the TR069 connection request port is a) nuts and b) likely to get issues like this. But it's not a *consequence* of running TR069 so in particular, this:
"A Shodan search [login required] indicates that approximately five million devices offer TR-064 service over the internet. While not all of these devices are necessarily vulnerable, many of them are"
isn't true. Having 7547 open does NOT imply a TR064 service is offered. Probably just the TR069 connection request and that's harmless unless you can guess the credentials and near harmless even if you do have them.