CRITICAL: Netcore/Netis Router Vulnerability Scan Report

DESCRIPTION LAST UPDATED: 2023-12-18

DEFAULT SEVERITY LEVEL: CRITICAL

This report identifies hosts that are running a vulnerable or backdoored Netis Router with service open (port 53413/udp) and accessible from the Internet.

A writeup regarding the issue by Trend Micro can be found here. In short — if any of these devices are on your network, you most likely want to replace them.

You can track latest vulnerable or backdoored Netis Router exposure on the Dashboard.

Severity levels are described here.

For more information on our scanning efforts, check out our Internet scanning summary page..

Filenames: scan_netis_router

Fields

  • timestamp
    Time that the IP was probed in UTC+0
  • severity
    Severity level
  • ip
    The IP address of the device in question
  • protocol
    Protocol that response used
  • port
    Port that the Netis router response came from
  • hostname
    Reverse DNS name of the device in question
  • tag
    Tag describing the type of issue — always 'netis_vulnerability'
  • response
    Response received from the device in question — always 'Login:'
  • asn
    ASN of where the device in question resides
  • geo
    Country where the device in question resides
  • region
    State / Province / Administrative region where the device in question resides
  • city
    City in which the device in question resides
  • naics
    North American Industry Classification System Code
  • hostname_source
    Hostname source
  • sector
    Sector the IP belongs to
  • response_size
    Response size in bytes
  • amplification
    Amplification factor (This amplification is is based solely on the payload size sent and payload size received)

Sample

"timestamp","severity","ip","protocol","port","hostname","tag","response","asn","geo","region","city","naics","hostname_source","sector","response_size","amplification"
"2010-02-10 00:00:00",critical,192.168.0.1,udp,53413,node01.example.com,netis_vulnerability,Login:,64512,ZZ,Region,City,0,ptr,,18,18.00
"2010-02-10 00:00:01",critical,192.168.0.2,udp,53413,node02.example.com,netis_vulnerability,Login:,64512,ZZ,Region,City,0,,"Communications, Service Provider, and Hosting Service",18,18.00
"2010-02-10 00:00:02",critical,192.168.0.3,udp,53413,node03.example.com,netis_vulnerability,Login:,64512,ZZ,Region,City,0,,,18,18.00


Our 132 Report Types