TCP-32764
TCP-32764 seems to be a backdoor on some routers and home gateways, presumably manufactured by SerComm. It is generally indicated by the presence of a process (scfgmgr) listening on port 32764.
When the port is accessed via telnet, data prefixed by ScMM or MMcS (depending on the system's endianness) seems to be returned.
For actual info, see elvanderb's description and sample Python code. This is just a stub so I can do my fancy device queries.
Confirmed in
This is mostly out of date. Again, see TCP-32764 on GitHub.
- Cisco RVS4000 FW v.2.0.3.2/1.3.3.5/1.3.0.5 (issue 55,57)
- Cisco-Linksys WAP4410N (issue 11)
- Cisco-Linksys WRVS4400N (per github @ Linksys) what models? all models?
- Diamond SupraMax DSL642WLG TI (by m86 - port 32764 open, plaintext password retrieved, config dumped, 'shell' works)
- LevelOne WBR-3460B (thread)
- Linksys WAG54G2 (per github @ twitter)
- Linksys WAG54GS (@henkka7)
- Linksys WAG120N (issue 58)
- Linksys WAG160N v1 and v2 (@xxchinasaurxx @saltspork)
- Linksys WAG200G (originally noted device on GitHub)
- Linksys WAG320N (per github @ Linksys)
- Linksys WRT300N v1.0 FW 2.00.17 (issue 34)
- Linksys WRT350N v2 FW 2.00.19 (issue 39)
- Netgear DG834Gv2, and possibly other DG834G models [GB, N, PN, GT] v. <5 (issue 19,25,62)
- Netgear DGN1000[B] (per github @ GitHub) (issue 27)
- Netgear DGN2000[B] (issue 26)
- Netgear DGN3500 (issue 13)
- Netgear DGND3300[B,v2] FW v. 2.1.00.53_1.00.53GR (issue 56,59)
- Netgear DM111Pv2 (per github @ twitter)
- Netgear JNR3210
- Netgear WPNT834 (by m86 - port 32764 open, plaintext password retrieved, config dumped, 'shell' works)
- OvisLink AirLive WN-200R (by m86 - port 32764 open, plaintext password retrieved, config dumped, 'shell' works)
Possibly affected
- Netgear DG934 (per github, likely)
- some Netgear WG602 (all DNI manuf??) or WGR614 models? (per github @ Netgear)
- Netgear DGN2000 (per github @ Netgear)
- Linksys WAG160N (per github @ Linksys)
- probably / possibly some other SerComm manuf'ed HW : TCP-32764/SerComm devices in DB
Confirmed not in
SerComm HW
- Netgear ME103 - old 802.11b WAP (TI chipset)
- Netgear MR814v2 - old 802.11b WAP (Marvell chipset)
- APC WMR1000G - mobile 802.11g WAP / router (Marvell chipset)
- 3Com OfficeConnect 3CRTRV10075 (WL-534) - mobile 802.11g WAP / router (Marvell chipset)
- Buffalo WYR-G54 - 802.11g router (Marvell chipset)