TCP-32764

TCP-32764 seems to be a backdoor on some, presumably SerComm manufactured, routers and home gateways,

generally indicated by the presence of a process (scfgmgr) listening @ port 32764.

When accessed via telnet, data prefixed by ScMM or MMcS (depending on the system's endianess) seems to be returned.

For actual info, see elvanderb's description and sample Python code.. this is just a stub so I can do my fancy device queries

Confirmed in

This is mostly out of date. Again, see TCP-32764 on GitHub.

• Cisco RVS4000 FW v.2.0.3.2/1.3.3.5/1.3.0.5 (issue 55,57)
• Cisco-Linksys WAP4410N (issue 11)
• Cisco-Linksys WRVS4400N (per github @ Linksys) what models? all models?
• Diamond SupraMax DSL642WLG TI (by m86 - port 32764 open, plaintext password retrieved, config dumped, 'shell' works)
• LevelOne WBR-3460B (thread)
• Linksys WAG54G2 (per github @ twitter)
• Linksys WAG54GS (@henkka7)
• Linksys WAG120N (issue 58)
• Linksys WAG160N v1 and v2 (@xxchinasaurxx @saltspork)
• Linksys WAG200G (originally noted device on GitHub)
• Linksys WAG320N (per github @ Linksys)
• Linksys WRT300N v1.0 FW 2.00.17 (issue 34)
• Linksys WRT350N v2 FW 2.00.19 (issue 39)
• Netgear DG834Gv2, and possibly other DG834G models [GB, N, PN, GT] v. <5 (issue 19,25,62)
• Netgear DGN1000[B] (per github @ GitHub) (issue 27)
• Netgear DGN2000[B] (issue 26)
• Netgear DGN3500 (issue 13)
• Netgear DGND3300[B,v2] FW v. 2.1.00.53_1.00.53GR (issue 56,59)
• Netgear DM111Pv2 (per github @ twitter)
• Netgear JNR3210
• Netgear WPNT834 (by m86 - port 32764 open, plaintext password retrieved, config dumped, 'shell' works)
• OvisLink AirLive WN-200R (by m86 - port 32764 open, plaintext password retrieved, config dumped, 'shell' works)

Possibly affected

• Netgear DG934 (per github, likely)
• some Netgear WG602 (all DNI manuf??) or WGR614 models? (per github @ Netgear)
• Netgear DGN2000 (per github @ Netgear)
• Linksys WAG160N (per github @ Linksys)
• probably / possibly some other SerComm manuf'ed HW : TCP-32764/SerComm devices in DB

Confirmed not in

SerComm HW

• Netgear ME103 - old 802.11b WAP (TI chipset)
• Netgear MR814v2 - old 802.11b WAP (Marvell chipset)
• APC WMR1000G - mobile 802.11g WAP / router (Marvell chipset)
• 3Com OfficeConnect 3CRTRV10075 (WL-534) - mobile 802.11g WAP / router (Marvell chipset)
• Buffalo WYR-G54 - 802.11g router (Marvell chipset)

Other Netgear / Linksys HW

• Netgear WNDR3700
• Netgear CG3100
• Netgear WGR614v7
• Netgear WGR614v9

Table o' currently confirmed affected HW

The following query condition could not be considered due to this wiki's restrictions on query size or depth: <code> [[:OvisLink AirLive WN-200R]] OR [[:Diamond SupraMax DSL642WLG]] OR [[:Linksys WAG54G2]] OR [[:Linksys WAG320N]] OR [[:Linksys WAG200G]] OR [[:Netgear DG834Gv2]] OR [[:Netgear DGN1000]] OR [[:Netgear DGN2000]] OR [[:Netgear DGN3500]] OR [[:Netgear DM111Pv2]] OR [[:Netgear WPNT834]] OR [[:Cisco WAP4410N]] OR [[:Linksys WRVS4400N v1.0]] OR [[:LevelOne WBR-3460B]] OR [[:Linksys WAG120N]] OR [[:Linksys WAG160N]] OR [[:Netgear JNR3210]] OR [[:Netgear DGND3300]] OR [[:Linksys WRT300N v2]] OR [[:Linksys WRT350N v2]] OR [[:Linksys WAG54GS]] </code>.

Table o' currently suspected affected HW

...