Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
990
Views
10
Helpful
1
Replies

rv325 accidentally opens ports 8007 and 8008 to remote management

scottdcarson
Level 1
Level 1

‎09-21-2017 06:59 AM - edited ‎03-01-2019 06:09 PM

I have an rv325 with firmware version 1.4.2.15 (the latest as of now).  I recently performed the upgrade to this firmware.

I don't allow anything to connect to it from the outside except for port 443, which I have forwarded to an internal server.  Remote management is disabled (the "enable" box is unchecked) on the Firewall/General screen.

I port-scanned the system from the outside using nmap.  Surprise - tcp ports 8007 and 8008 were open.  Even bigger surprise, port 8007 was the management interface - over http (not https)!  I was able to log in successfully.

I was able to mitigate this by creating a firewall rule to block these two ports from the WAN.  But ...if I hadn't run the scan, I would have never known this.  As far as I can tell, there's no setting to either enable or disable this behavior.  Isn't this a pretty major security flaw?  How many people have these ports open and don't know it?

2 people had this problem
Labels:
1 Reply 1

natesomers
Level 1
Level 1

‎09-23-2017 12:06 PM

I am seeing 8007 and 8008 open as well. This is even after factory resetting.

0 Helpful
Customers Also Viewed These Support Documents