A backdoor exists within certain router firmwares, listening on TCP 32764, that allows a remote attacker to gain full access to a device.
Affected products: SerComm routers and the other devices listed in Elvanderb's GitHub repository (the original researcher's PoC and findings).
Impact: Remote Code Execution
Remote attackers would scan internet-facing IP addresses on TCP 32764 looking for devices vulnerable to this issue. If successful, an attacker may use control of the compromised device to spread the attack further, or to siphon data from the private network behind it.
BeyondTrust Prevention and Detection:
BeyondTrust's Retina® Network Security Scanner detects this vulnerability with the following checks:
- 32232 - SerComm Products Backdoor (Zero-Day) - Bad Packet
- 32233 - SerComm Products Backdoor (Zero-Day) - Trigger Stats
Restrict access to TCP port 32764 via the firewall interface within the router configuration, if available.
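Two defender-side checks that follow from the text above, as an added example that is not BeyondTrust or Retina code: a detection pass over router firewall log lines that flags WAN-side connection attempts to TCP 32764 (the scanning behaviour described in the attack description), and a plain TCP connect test to confirm the port no longer answers once the firewall rule from the mitigation is in place. The log line format, the interface names and all IP addresses are constructed for the example; adapt the regular expression to your own device's log format.

```python
"""Detection and post-mitigation verification for the TCP 32764 backdoor.

Added example, not code from BeyondTrust or from the original researcher.
Assumes (1) the router writes a syslog-style firewall log with IN=, SRC=,
DST=, PROTO= and DPT= fields, which is a constructed format here, and
(2) a TCP connect test from inside the LAN is an acceptable way to confirm
that the port has been closed off.
"""
import re
import socket
from collections import Counter

BACKDOOR_PORT = 32764

# Constructed sample log lines (format and addresses are assumptions).
# eth0 is treated as the WAN-facing interface, br0 as the LAN bridge.
SAMPLE_LOG = """\
Jan 02 03:14:15 router kernel: [FW] IN=eth0 SRC=198.51.100.7 DST=203.0.113.5 PROTO=TCP DPT=32764 SYN
Jan 02 03:14:16 router kernel: [FW] IN=eth0 SRC=198.51.100.7 DST=203.0.113.5 PROTO=TCP DPT=32764 SYN
Jan 02 03:15:02 router kernel: [FW] IN=eth0 SRC=192.0.2.44 DST=203.0.113.5 PROTO=TCP DPT=443 SYN
Jan 02 03:16:40 router kernel: [FW] IN=eth0 SRC=192.0.2.9 DST=203.0.113.5 PROTO=TCP DPT=32764 SYN
Jan 02 03:17:01 router kernel: [FW] IN=br0 SRC=192.168.1.20 DST=192.168.1.1 PROTO=TCP DPT=32764 SYN
"""

LINE_RE = re.compile(
    r"IN=(?P<iface>\S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=TCP DPT=(?P<dport>\d+)"
)


def find_backdoor_probes(log_text, wan_ifaces=("eth0",)):
    """Return {source_ip: count} of connection attempts to TCP 32764 that
    arrived on a WAN-facing interface.

    Attempts on other interfaces are ignored by default, since LAN-side hits
    are typically your own vulnerability scanner (e.g. Retina) or a local
    verification test rather than an Internet-wide sweep. Pass the LAN
    interface in wan_ifaces to include them.
    """
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a firewall line in the expected format
        if int(m["dport"]) != BACKDOOR_PORT:
            continue  # some other port; not relevant here
        if m["iface"] not in wan_ifaces:
            continue  # internal traffic; see docstring
        hits[m["src"]] += 1
    return dict(hits)


def port_is_open(host, port=BACKDOOR_PORT, timeout=2.0):
    """TCP connect test: True if something accepts a connection on host:port.

    Connection refused, timeout or an unreachable host are all reported as
    closed, which is the desired state after the firewall rule is applied.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    probes = find_backdoor_probes(SAMPLE_LOG)
    for src, n in sorted(probes.items(), key=lambda kv: -kv[1]):
        print(f"{src}: {n} attempt(s) on TCP {BACKDOOR_PORT} from the WAN side")
    # Replace 192.168.1.1 with your router's address to confirm the
    # mitigation took effect; "closed" is the expected result.
    state = "open" if port_is_open("192.168.1.1") else "closed"
    print(f"TCP {BACKDOOR_PORT} on the router is {state}")
```

Run the connect test from both the LAN side and, if you can, from an external vantage point: a router that firewalls the WAN interface but still answers on the LAN will report "closed" from outside and "open" from inside, and the log parser is what tells you whether anyone was knocking before the rule went in.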