Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

SerComm Products Backdoor

Disclosed: December 31, 2013 | Zeroday: 352 days

Vulnerability Description:

A backdoor exists in certain router firmware images: a service listening on TCP port 32764 allows a remote attacker to gain full access to the device.

Vendors:

SerComm

Vulnerable Software/Devices:

SerComm routers; other affected devices are listed on Elvanderb's GitHub (the original researcher's PoC and findings).

Vulnerability Severity:

High

Exploit Availability:

Publicly Available

Exploit Impact:

Remote Code Execution
Remote attackers would sweep internet-facing IP addresses on TCP 32764 looking for devices vulnerable to this issue. If successful, an attacker may use control of the device to spread the attack further or to siphon data from the private network behind it.

BeyondTrust Prevention and Detection:

BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability using the following audits:

  • 32232 - SerComm Products Backdoor (Zero-Day) - Bad Packet
  • 32233 - SerComm Products Backdoor (Zero-Day) - Trigger Stats

Mitigation:

Restrict access to TCP port 32764 on the internet-facing (WAN) interface via the firewall interface within the router configuration, if available.
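The detection and mitigation sections above describe two complementary controls: spotting internet-side probes of TCP 32764 and blocking that port at the firewall. The following script is an added example, not code from BeyondTrust or from the SerComm firmware. It assumes iptables-style syslog lines (the `SRC=... DST=... PROTO=... DPT=...` format written by the iptables LOG target) and a Linux/iptables-based router for the generated rules; the SerComm firmware's own firewall UI differs, and all log lines and addresses below are constructed (RFC 5737 documentation ranges). The detector flags external sources hitting the backdoor port and groups them into sweeps, which is the scanning behaviour the Exploit Impact section describes; `wan_block_rules()` returns the rule set that logs and then drops such traffic, producing exactly the log lines the detector consumes.

```python
"""Detect probes of the SerComm backdoor port (TCP 32764) in firewall logs
and generate iptables rules that log and drop them on the WAN interface.

Added example; assumes iptables LOG-target syslog lines and a Linux router.
"""
import ipaddress
import re
from collections import defaultdict

BACKDOOR_PORT = 32764

# Key=value fields emitted by the iptables LOG target, e.g. SRC=203.0.113.7 DPT=32764
_FIELD_RE = re.compile(r"(SRC|DST|PROTO|SPT|DPT)=(\S+)")
_SYN_RE = re.compile(r"\bSYN\b")

# RFC 1918 plus loopback: traffic from these sources is LAN-side, not an internet probe
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample log lines (documentation addresses only; not real hosts)
SAMPLE_LOG = """\
Jan  5 10:01:02 router kernel: SERCOMM-32764 IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.20 PROTO=TCP SPT=51234 DPT=32764 SYN
Jan  5 10:01:03 router kernel: SERCOMM-32764 IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.21 PROTO=TCP SPT=51235 DPT=32764 SYN
Jan  5 10:01:04 router kernel: SERCOMM-32764 IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.22 PROTO=TCP SPT=51236 DPT=32764 SYN
Jan  5 10:01:05 router kernel: SERCOMM-32764 IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.23 PROTO=TCP SPT=51237 DPT=32764 SYN
Jan  5 10:02:10 router kernel: IN=eth0 OUT= SRC=198.51.100.99 DST=198.51.100.20 PROTO=TCP SPT=40000 DPT=443 SYN
Jan  5 10:03:00 router kernel: IN=br0 OUT= SRC=192.168.1.10 DST=192.168.1.1 PROTO=TCP SPT=40001 DPT=32764 SYN
Jan  5 10:04:00 router kernel: IN=eth0 OUT= SRC=192.0.2.55 DST=198.51.100.20 PROTO=UDP SPT=5000 DPT=32764
"""


def parse_line(line):
    """Return the SRC/DST/PROTO/SPT/DPT fields of a firewall log line plus a SYN flag,
    or None when the line is not a firewall log line."""
    fields = dict(_FIELD_RE.findall(line))
    if "SRC" not in fields or "DPT" not in fields:
        return None
    fields["SYN"] = _SYN_RE.search(line) is not None
    return fields


def is_internal(ip):
    """True when the address belongs to RFC 1918 space or loopback."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def find_backdoor_probes(log_text):
    """Return (src, dst) pairs for every TCP SYN to the backdoor port from an external source."""
    probes = []
    for line in log_text.splitlines():
        f = parse_line(line)
        if f is None:
            continue
        if f.get("PROTO") != "TCP" or int(f["DPT"]) != BACKDOOR_PORT or not f["SYN"]:
            continue
        if is_internal(f["SRC"]):
            continue  # LAN-side hits are outside the internet-facing check
        probes.append((f["SRC"], f["DST"]))
    return probes


def summarize_sweeps(probes, min_targets=3):
    """Group probes by source; a source touching >= min_targets distinct destinations
    is reported as a sweep, mapped to its distinct-target count."""
    targets = defaultdict(set)
    for src, dst in probes:
        targets[src].add(dst)
    return {src: len(dsts) for src, dsts in targets.items() if len(dsts) >= min_targets}


def wan_block_rules(wan_iface="eth0", port=BACKDOOR_PORT):
    """iptables commands (in apply order) that log, then drop, inbound traffic to the
    backdoor port arriving on the WAN interface. A dedicated chain keeps the LOG
    ahead of the DROP so the detector above still sees each attempt."""
    chain = f"BACKDOOR_{port}"
    return [
        f"iptables -N {chain}",
        f"iptables -A {chain} -j LOG --log-prefix \"SERCOMM-{port} \" --log-level 4",
        f"iptables -A {chain} -j DROP",
        f"iptables -I INPUT 1 -i {wan_iface} -p tcp --dport {port} -j {chain}",
        f"iptables -I FORWARD 1 -i {wan_iface} -p tcp --dport {port} -j {chain}",
    ]


if __name__ == "__main__":
    probes = find_backdoor_probes(SAMPLE_LOG)
    print(f"{len(probes)} external probe(s) of TCP {BACKDOOR_PORT}")
    for src, count in summarize_sweeps(probes).items():
        print(f"sweep from {src}: {count} distinct targets")
    print("\n".join(wan_block_rules()))
```

On the constructed sample, the four SYNs from 203.0.113.7 are reported as one sweep, the LAN-side hit from 192.168.1.10 and the UDP packet are ignored, and the port 443 traffic is never considered. The FORWARD rule matters on routers that also forward WAN traffic to devices behind them; INPUT covers the router's own listener.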

Links:

CVE(s):