Netcore/Netis Router Vulnerability Scan Report

This report identifies hosts that are running a vulnerable or backdoored Netis Router with service open (port 53413/udp) and accessible from the Internet.

A writeup regarding the issue by Trend Micro can be found here. In short — if any of these devices are on your network, you most likely want to replace them.

Statistics for these servers can be found here.

Fields

  • timestamp
    Time that the IP was probed in UTC+0
  • ip
    The IP address of the device in question
  • port
    Port that the Netis router response came from
  • hostname
    Reverse DNS name of the device in question
  • tag
    Tag describing the type of issue — always 'netis_vulnerability'
  • response
    Response received from the device in question — always 'Login:'
  • asn
    ASN of where the device in question resides
  • geo
    Country where the device in question resides
  • region
    State / Province / Administrative region where the device in question resides
  • city
    City in which the device in question resides

Sample

"timestamp","ip","port","hostname","tag","response","asn","geo","region","city"
"2014-08-27 16:40:17","113.7.82.11",53413,,"netis_vulnerability","Login:",4837,"CN","HEILONGJIANG","HARBIN"
"2014-08-27 16:40:17","123.150.208.53",53413,,"netis_vulnerability","Login:",17638,"CN","TIANJIN","TIANJIN"
"2014-08-27 16:40:17","119.85.111.71",53413,,"netis_vulnerability","Login:",4134,"CN","CHONGQING","CHONGQING"
"2014-08-27 16:40:17","60.210.140.189",53413,,"netis_vulnerability","Login:",4837,"CN","SHANDONG","JINAN"
"2014-08-27 16:40:17","60.0.201.166",53413,,"netis_vulnerability","Login:",4837,"CN","HEBEI","SHIJIAZHUANG"
"2014-08-27 16:40:17","113.81.112.29",53413,,"netis_vulnerability","Login:",4134,"CN","GUANGDONG","GUANGZHOU"
"2014-08-27 16:40:17","113.206.113.170",53413,,"netis_vulnerability","Login:",4837,"CN","CHONGQING","CHONGQING"
"2014-08-27 16:40:17","1.83.94.78",53413,,"netis_vulnerability","Login:",4134,"CN","SHAANXI","XI'AN"
"2014-08-27 16:40:17","106.4.4.60",53413,,"netis_vulnerability","Login:",4134,"CN","JIANGXI","NANCHANG"

Our 76 Report Types