TCP/UDP Port 32764 - Exploit

[Impregim]

For those who don't know this yet, check your router ASAP.

Posted Tuesday, January 7th, 2014 (1:12 pm) by Mark Jackson

Broadband ISP customers that own some models of Cisco, Netgear, Linksys or certain other routers could be vulnerable to a new backdoor exploit that allows a hacker to remotely input their own admin password and possibly gain full access to your network.

The exploit is also believed to be present in a number of other routers, although we’ve only listed the fully confirmed ones above. On some models the simplest solution to this exploit is to create a new Firewall Rule in your router that blocks access to TCP 32764, although it’s noted that this didn’t appear to work on the Cisco RVS4000 and others may share a similar problem.

Source: http://www.ispreview.co.uk/index.ph...routers-exposed-via-new-backdoor-exploit.html

TCP/UDP Port 32764

 

[aybbleek]

For those who don't know this yet, check your router ASAP.



Source: http://www.ispreview.co.uk/index.ph...routers-exposed-via-new-backdoor-exploit.html

TCP/UDP Port 32764

Thats been around for ages bud, you always need to update your router firmware

 

[Impregim]

I'm well aware of that, this is just for the uninformed, who never bothers to update the FM or check if that port responds to probes.

Vanderbeken noted that many of these devices, such as for example Netgear’s DGN2000 and DG834B, appeared to be listening on an undocumented service via TCP port 32764 (note: not all models will listen via this port over the Internet / WAN but some do)

Always better to be safe than sorry.