×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

WAP4410N backdoor...

Unanswered Question
Jan 2nd, 2014
User Badges:

https://github.com/elvanderb/TCP-32764


Nmap scan report for 192.168.211.124
Host is up (0.033s latency).
PORT      STATE SERVICE VERSION
32764/tcp open  unknown
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
SF-Port32764-TCP:V=6.40%I=7%D=1/2%Time=52C53261%P=x86_64-unknown-linux-gnu
SF:%r(GenericLines,C,"ScMM\xff\xff\xff\xff\0\0\0\0")%r(Help,C,"ScMM\xff\xf
SF:f\xff\xff\0\0\0\0")%r(X11Probe,C,"ScMM\xff\xff\xff\xff\0\0\0\0")%r(LPDS
SF:tring,C,"ScMM\xff\xff\xff\xff\0\0\0\0")%r(TerminalServer,C,"ScMM\xff\xf
SF:f\xff\xff\0\0\0\0")%r(kumo-server,C,"ScMM\xff\xff\xff\xff\0\0\0\0");

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
matthew1471 Thu, 01/02/2014 - 13:24
User Badges:

Wow that is terrible! It looks like it was put in there by the company "SerComm" and not Linksys/Cisco.

I imagine there's going to be quite a few firmware updates soon.


I have tested against mine and can confirm it is present in the WAP4410N: https://github.com/elvanderb/TCP-32764/issues/11


I have e-mailed Cisco's vulnerability reporting e-mail address, they are aware of the issue and no doubt will want to fix this!

Actions

This Discussion