cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Router accessible on tcp port 32764?

ejs
Aspiring Hero
Posts: 5,442
Thanks: 631
Fixes: 25
Registered: ‎10-06-2010

Router accessible on tcp port 32764?

‎12-01-2014 9:43 PM

Backdoor access to a variety of routers: https://github.com/elvanderb/TCP-32764
Probably the "scfgmgr" process in my netgear dg834g v3, fortunately it's not accessible from the Internet on this router - although it might be with other routers. So doesn't actually make any difference to me as the debug telnet interface, with no login/pass, is open to the LAN anyway.
I should have spotted that sooner really, there's no netstat command in my netgear, but you can still "cat /proc/net/tcp"
[tt]# cat /proc/net/tcp
  sl  local_address rem_address  st ... (various other columns omitted)
  0: 00000000:0050 00000000:0000 0A ...
  1: 00000000:0017 00000000:0000 0A ...
  2: 00000000:7FFC 00000000:0000 0A ...
  3: 0100A8C0:0017 6500A8C0:DE12 01 ...
  4: 0100A8C0:0017 6500A8C0:AD2B 01 ...[/tt]
The port numbers there are in hexadecimal, 0x50 = 80 (the web interface), 0x17 = 23 (telnet access), and 0x7FFC is 32764.
Message 1 of 8
(2,917 Views)
Reply
0 Thanks
7 REPLIES 7
ejs
Aspiring Hero
Posts: 5,442
Thanks: 631
Fixes: 25
Registered: ‎10-06-2010

Re: Router accessible on tcp port 32764?

‎31-12-2014 6:46 PM

Surprisingly, on 19 May 2014, Netgear even released some new firmware to fix the TCP port 32764 issue, even though the previous v3 firmware, 4.01.40, was released way back in 2009.
For the DG834Gv3, there's 4.01.42
For the DG834Gv4, there's 5.01.17
I think 4.01.42 for the v3 also contains a slightly later version of the DSL driver.
Message 2 of 8
(645 Views)
Reply
0 Thanks
thejudge
Rising Star
Posts: 624
Thanks: 10
Registered: ‎01-08-2007

Re: Router accessible on tcp port 32764?

‎03-01-2015 9:04 PM

Has anyone used that firmware upgrade for the v3? I'm a bit reluctant to try it, especially given that Netgear doesn't list it in the main list of firmware upgrades at http://support.netgear.com/product/DG834Gv3.
Message 3 of 8
(645 Views)
Reply
0 Thanks
ejs
Aspiring Hero
Posts: 5,442
Thanks: 631
Fixes: 25
Registered: ‎10-06-2010

Re: Router accessible on tcp port 32764?

‎03-01-2015 9:42 PM

No I haven't installed it yet, especially as the security issue is a total non-issue for me anyway.
The "main list" of firmware versions on your link does list 4.01.41, which has exactly the same release note, but is a firmware version for the Annex B models.
Message 4 of 8
(645 Views)
Reply
0 Thanks
jelv
Seasoned Hero
Posts: 26,785
Thanks: 971
Fixes: 10
Registered: ‎10-04-2007

Re: Router accessible on tcp port 32764?

‎03-01-2015 9:52 PM

4.01.412 is the one you should install.
Edit: Corrected
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£14.40/month)
Mobile: iD mobile (£4/month)
Message 5 of 8
(645 Views)
Reply
0 Thanks
ejs
Aspiring Hero
Posts: 5,442
Thanks: 631
Fixes: 25
Registered: ‎10-06-2010

Re: Router accessible on tcp port 32764?

‎03-01-2015 10:09 PM

4.01.42 is for the UK
4.01.41 is for Germany!
Message 6 of 8
(645 Views)
Reply
0 Thanks
jelv
Seasoned Hero
Posts: 26,785
Thanks: 971
Fixes: 10
Registered: ‎10-04-2007

Re: Router accessible on tcp port 32764?

‎03-01-2015 11:58 PM

Quote from: thejudge
Has anyone used that firmware upgrade for the v3? I'm a bit reluctant to try it, especially given that Netgear doesn't list it in the main list of firmware upgrades at http://support.netgear.com/product/DG834Gv3.

Go to http://downloadcenter.netgear.com/other/ and search for the model (or click PRODUCT DRILLDOWN then select Product Category: Routers, Modems & Gateways; Product Family: DSL Modem Routers; then Product DG834Gv3). You'll find Firmware Version 4.01.42 (For users in UK only) is listed.
I'm guessing you didn't select Country as Other to get the UK versions listed.
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£14.40/month)
Mobile: iD mobile (£4/month)
Message 7 of 8
(645 Views)
Reply
0 Thanks
thejudge
Rising Star
Posts: 624
Thanks: 10
Registered: ‎01-08-2007

Re: Router accessible on tcp port 32764?

‎05-01-2015 9:21 PM

Oh yes, I found it OK, I'm just wary of doing something as drastic as updating the firmware when I'm not sure that I need to, and without knowing if anyone else has had issues when they've done it.
Message 8 of 8
(645 Views)
Reply
0 Thanks