WAP4410N backdoor...

a.v.savchenko
Level 1

https://github.com/elvanderb/TCP-32764

Nmap scan report for 192.168.211.124
Host is up (0.033s latency).
PORT      STATE SERVICE VERSION
32764/tcp open  unknown
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
SF-Port32764-TCP:V=6.40%I=7%D=1/2%Time=52C53261%P=x86_64-unknown-linux-gnu
SF:%r(GenericLines,C,"ScMM\xff\xff\xff\xff\0\0\0\0")%r(Help,C,"ScMM\xff\xf
SF:f\xff\xff\0\0\0\0")%r(X11Probe,C,"ScMM\xff\xff\xff\xff\0\0\0\0")%r(LPDS
SF:tring,C,"ScMM\xff\xff\xff\xff\0\0\0\0")%r(TerminalServer,C,"ScMM\xff\xf
SF:f\xff\xff\0\0\0\0")%r(kumo-server,C,"ScMM\xff\xff\xff\xff\0\0\0\0");
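
An added example, not part of the original post: a defender-side check that rejoins the wrapped Nmap fingerprint lines above, decodes each probe response, and flags those that begin with the "ScMM" header. The function names are hypothetical; reading the two 32-bit words after the magic as a code and a payload length, and accepting the byte-swapped magic "MMcS", follow the description in the linked TCP-32764 repository and are assumptions here.

```python
import re
import struct

# Fingerprint lines copied from the Nmap output in the post above.
FINGERPRINT = r'''
SF-Port32764-TCP:V=6.40%I=7%D=1/2%Time=52C53261%P=x86_64-unknown-linux-gnu
SF:%r(GenericLines,C,"ScMM\xff\xff\xff\xff\0\0\0\0")%r(Help,C,"ScMM\xff\xf
SF:f\xff\xff\0\0\0\0")%r(X11Probe,C,"ScMM\xff\xff\xff\xff\0\0\0\0")%r(LPDS
SF:tring,C,"ScMM\xff\xff\xff\xff\0\0\0\0")%r(TerminalServer,C,"ScMM\xff\xf
SF:f\xff\xff\0\0\0\0")%r(kumo-server,C,"ScMM\xff\xff\xff\xff\0\0\0\0");
'''

RESPONSE = re.compile(r'%r\(([^,]+),([0-9A-Fa-f]+),"((?:[^"\\]|\\.)*)"\)')
ESCAPE = re.compile(r'\\(x[0-9A-Fa-f]{2}|.)')
SIMPLE = {"0": 0, "n": 10, "r": 13, "t": 9}  # other escaped chars stand for themselves

def unescape(text):
    """Turn Nmap's backslash escapes (hex, NUL, newline, ...) into raw bytes."""
    out, pos = bytearray(), 0
    for m in ESCAPE.finditer(text):
        out += text[pos:m.start()].encode("latin-1")
        tok = m.group(1)
        out.append(int(tok[1:], 16) if len(tok) == 3 else SIMPLE.get(tok, ord(tok)))
        pos = m.end()
    return bytes(out + text[pos:].encode("latin-1"))

def responses(fingerprint):
    """Rejoin the wrapped SF lines and yield (probe, declared_len, raw_bytes)."""
    joined = "".join(line[3:] for line in fingerprint.splitlines()
                     if line.startswith(("SF-", "SF:")))
    for probe, hexlen, data in RESPONSE.findall(joined):
        yield probe, int(hexlen, 16), unescape(data)

def scmm_header(raw):
    """Return the decoded 12-byte header, or None if the magic is absent."""
    if len(raw) < 12 or raw[:4] not in (b"ScMM", b"MMcS"):
        return None
    order = ">" if raw[:4] == b"ScMM" else "<"  # MMcS: byte-swapped magic (assumption)
    code, length = struct.unpack(order + "II", raw[4:12])
    return {"magic": raw[:4].decode(), "code": code, "length": length}

def flagged_probes(fingerprint):
    """List (probe, header) for each response carrying a well-formed header."""
    return [(probe, scmm_header(raw)) for probe, declared, raw in responses(fingerprint)
            if declared == len(raw) and scmm_header(raw)]

if __name__ == "__main__":
    for probe, header in flagged_probes(FINGERPRINT):
        print(f"{probe}: {header}")
```

Every probe in the posted scan got the same 12-byte answer, so all six are flagged; the same functions can be pointed at fingerprint blocks saved from scans of other devices on the network.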


matthew1471
Level 1

Wow that is terrible! It looks like it was put in there by the company "SerComm" and not Linksys/Cisco.

I imagine there's going to be quite a few firmware updates soon.

I have tested against mine and can confirm it is present in the WAP4410N: https://github.com/elvanderb/TCP-32764/issues/11

I have e-mailed Cisco's vulnerability reporting e-mail address; they are aware of the issue and no doubt will want to fix this!
