Apr 13, 2012
I have a Cisco Linksys WAG120N running with the firmware version 1.00.12, and it's working a quite fine.During some tests with the nmap command under Linux, I noticed that beyond the ports 80 and 433, another opened port 32764 shows up running an unknown service.This unknown service keeps running after scanning for ports between 1-65535 using nmap in stealth mode. But after querying the modem for operating system fingerprint using nmap but not in stealth mode, this port closes and the service disappears.
View 3 Replies
By using a browser to access 192.168.1.1:32764, a 12 byte "<random_prefix>.exe" file is download, and its's recognized as a text file. The file contains a "MMcSÿÿÿÿ" string, and the bytes in hexadecimal are "4d 4d 63 53 ff ff ff ff 00 00 00 00".And also, something strange happens after this unknown service goes down: Accessing the modem setup via browser, the settings displayed are different than I commonly use. the encapsulation is set to "Bridged Mode Only" instead the "RFC 2516 PPPoE", and into the Status Tab the Current Time field says "Time Zone string Error". Still in the Status Tab, in the Internet Connection information the "Login Type" is a misspelled "UNKNOW", the interface says "Connected" to a well accessible Default Gateway., the same displayed into the Routing Table Entry. Th Applications & Gaming Tab is unaccessible.After power switching the modem off and on again, everything comes back to normal again.