I found a different port during the scan, it's port 49152. Is the modem or the router compromised?

I recently ran a port scan (just TCP) on my home router/modem (AT&T U-Verse) and found two peculiar ports that are open. Here is the scan output/results for nmap 192.168.1.254 -P0: Starting Nmap 6.49BETA4 ( https://nmap.org ) at 2015-10-14 14:30 UTC Stats: 0:00:01 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan SYN Stealth Scan Timing: About 51.50% done; ETC: 14:31 (0:00:42 remaining) Nmap scan report for homeportal (192.168.1.254) Host is up (0.0045s latency).Not shown: 996 closed PORT      STATE    SERVICE 80/tcp    open     http 256/tcp   filtered fw1-secureremote 443/tcp   open     https 49152/tcp open     unknown The strange ports are 256(tcp) and 49152(tcp).  Doing some cursory research on Google, I found that fw1-secureremote (running on port 256) is used by VPN clients (SecuRemote).  How might I go about contacting AT&T about this?