Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

WAP4410N backdoor...

https://github.com/elvanderb/TCP-32764

Nmap scan report for 192.168.211.124
Host is up (0.033s latency).
PORT      STATE SERVICE VERSION
32764/tcp open  unknown
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
SF-Port32764-TCP:V=6.40%I=7%D=1/2%Time=52C53261%P=x86_64-unknown-linux-gnu
SF:%r(GenericLines,C,"ScMM\xff\xff\xff\xff\0\0\0\0")%r(Help,C,"ScMM\xff\xf
SF:f\xff\xff\0\0\0\0")%r(X11Probe,C,"ScMM\xff\xff\xff\xff\0\0\0\0")%r(LPDS
SF:tring,C,"ScMM\xff\xff\xff\xff\0\0\0\0")%r(TerminalServer,C,"ScMM\xff\xf
SF:f\xff\xff\0\0\0\0")%r(kumo-server,C,"ScMM\xff\xff\xff\xff\0\0\0\0");

1 REPLY
Community Member

Re: WAP4410N backdoor...

Wow that is terrible! It looks like it was put in there by the company "SerComm" and not Linksys/Cisco.

I imagine there's going to be quite a few firmware updates soon.

I have tested against mine and can confirm it is present in the WAP4410N: https://github.com/elvanderb/TCP-32764/issues/11

I have e-mailed Cisco's vulnerability reporting e-mail address, they are aware of the issue and no doubt will want to fix this!

789
Views
0
Helpful
1
Replies
CreatePlease to create content