cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
914
Views
10
Helpful
1
Replies

rv325 accidentally opens ports 8007 and 8008 to remote management

scottdcarson
Level 1
Level 1

I have an rv325 with firmware version 1.4.2.15 (the latest as of now).  I recently performed the upgrade to this firmware.

I don't allow anything to connect to it from the outside except for port 443, which I have forwarded to an internal server.  Remote management is disabled (the "enable" box is unchecked) on the Firewall/General screen.

I port-scanned the system from the outside using nmap.  Surprise - tcp ports 8007 and 8008 were open.  Even bigger surprise, port 8007 was the management interface - over http (not https)!  I was able to log in successfully.

I was able to mitigate this by creating a firewall rule to block these two ports from the WAN.  But ...if I hadn't run the scan, I would have never known this.  As far as I can tell, there's no setting to either enable or disable this behavior.  Isn't this a pretty major security flaw?  How many people have these ports open and don't know it?

1 Reply 1

natesomers
Level 1
Level 1

I am seeing 8007 and 8008 open as well. This is even after factory resetting.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: