Main
Broadband
Articles
Forums
Info
The Broadband Guide
search advanced
Main
Broadband
Articles
Forums
Info
Login
Please Login
Shortcuts

Port 49152 Details


known port assignments and vulnerabilities
threat/application/port search:
 search
Port(s) Protocol Service Details Source
49152 tcp,udp applications As the first port in the dynamic/private range (49152-65535), this port is commonly used by applications that utilize a dynamic/random/configurable port.

Many embedded Linux based systems (i.e. home routers, remote management devices, IP cameras) have UPnP enabled, broadcasting their kernel version and hardware architecture over port 49152.

Some P2P torernt clients often use this port: uTorrent, Azureus/Vuze, etc.

Older IPMI firmware versions reveal cleartext login credentials over UDP port 49152.

Apple AirPlay dynamic mirroring TCP port.

YotaPhone 2 opens port 49152.

Apple Xsan Filesystem Access uses the dynamic/private range 49152-65535.
Xsan (Apple's storage area network, or clustered filesystem for macOS) uses these ports:
311 TCP - Xsan secure server administration (server app, xsan server admin, workgroup manager, server monitor)
312 TCP - Xsan administration
626 UDP - server serial number registration (Xsan, Mac OS X Server v10.3 – v10.6)
49152-65535 TCP - Xsan Filesystem Access

Microsoft Lync server uses these ports:
444, 445, 448, 881, 5041, 5060 - 5087, 8404 TCP
80, 135, 443, 4443, 8060, 8061, 8080 TCP - standard ports and HTTP(s) traffic
1434 UDP - SQL
49152-57500 TCP/UDP - media ports

The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures an unauthenticated proxy service on WAN TCP port 49152, which allows remote attackers to establish arbitrary TCP connections to intranet hosts by sending \x2a\xce\x01 followed by other predictable values.
References: [CVE-2017-14117], [BID-100585]

The LAN-side Web-Configuration Interface has Stack-based Buffer Overflow vulnerability in the D-Link Wi-Fi router firmware DIR-890L DIR890LA1_FW107b09.bin and previous versions. The function created at 0x17958 of /htdocs/cgibin will call sprintf without checking the length of strings in parameters given by HTTP header and can be controlled by users easily. The attackers can exploit the vulnerability to carry out arbitrary code by means of sending a specially constructed payload to port 49152.
References: [CVE-2022-30521]		 SG
42800, 49152-49172, 49272-49292 udp applications Titan Quest Portforward
2 records found
SG security scan: port 49152
jump to:
 go
previous next

Related ports: 311  312  626  6881  45100  45682  61001  65535  

« back to SG Ports


External Resources
SANS ISC: port 49152

Notes:
Port numbers in computer networking represent communication endpoints. Ports are unsigned 16-bit integers (0-65535) that identify a specific process, or network service. IANA is responsible for internet protocol resources, including the registration of commonly used port numbers for well-known internet services.
Well Known Ports: 0 through 1023.
Registered Ports: 1024 through 49151.
Dynamic/Private : 49152 through 65535.

TCP ports use the Transmission Control Protocol, the most commonly used protocol on the Internet and any TCP/IP network. TCP enables two hosts to establish a connection and exchange streams of data. TCP guarantees delivery of data and that packets will be delivered in the same order in which they were sent. Guaranteed communication/delivery is the key difference between TCP and UDP.

UDP ports use the Datagram Protocol. Like TCP, UDP is used in combination with IP (the Internet Protocol) and facilitates the transmission of datagrams from one computer to applications on another computer, but unlike TCP, UDP is connectionless and does not guarantee reliable communication; it's up to the application that received the message to process any errors and verify correct delivery. UDP is often used with time-sensitive applications, such as audio/video streaming and realtime gaming, where dropping some packets is preferable to waiting for delayed data.

When troubleshooting unknown open ports, it is useful to find exactly what services/processes are listening to them. This can be accomplished in both Windows command prompt and Linux variants using the "netstat -aon" command. We also recommend runnig multiple anti-virus/anti-malware scans to rule out the possibility of active malicious software. For more detailed and personalized help please use our forums.

Please use the "Add Comment" button below to provide additional information or comments about port 49152.
  User Reviews/Comments:
    rate:
   avg:
by paranoid52 - 2013-12-01 05:45
Nmap reports my Buffalo Wireless router WZR-HP-AG300H has port 49152/tcp open with service "unknown".
by anonymous - 2015-04-18 11:34
http://arstechnica.com/security/2014/06/at-least-32000-servers-broadcast-admin-passwords-in-the-clear-advisory-warns/ ;)
by anonymous - 2016-03-11 03:55
my router isn't vulnerable to the exploit posted. I tried it it didn't work

Yet it still opens this port i have SPI turned off for my xbox because it use a different router only for the xbox my main router is portwarding only the ports i need
by roger.simmons - 2017-08-12 11:03
. In Windows Server 2008 and later versions, and in Windows Vista and later versions, the default dynamic port range changed to the following range:

Start port: 49152
End port: 65535

Windows 2000, Windows XP, and Windows Server 2003 use the following dynamic port range:

Start port: 1025
End port: 5000


What this means for you:

If your computer network environment uses only Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, Windows 7, or Windows Vista, you must enable connectivity over the high port range of 49152 through 65535.
If your computer network environment uses Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, Windows 7, or Windows Vista together with versions of Windows earlier than Windows Server 2008 and Windows Vista, you must enable connectivity over both the following port ranges:
High port range 49152 through 65535
Low port range 1025 through 5000
If your computer network environment uses only versions of Windows earlier than Windows Server 2008 and Windows Vista, you must enable connectivity over the low port range of 1025 through 5000.

For more information about the default dynamic port range in Windows Server 2012, Windows 8, Windows Server 2008 R2, Windows 7, Windows Server 2008, and Windows Vista, click the followng article number to go to the article in the Microsoft Knowledge Base:
929851 The default dynamic port range for TCP/IP has changed in Windows Vista and in Windows Server 2008

So you are scanning a Windows OS kernel 6.0 or above which these ports are opened and dynamically chosen as a tcp connection for RPC (mapped drives file and print sharing in NETBIOS) or LPC for API applications for own machines loopback 127.0.0.1
by YotaPhone2 - 2019-11-03 15:21
This port is open on my YotaPhone 2 with official ROM. Can't find any reason for it.
by anonymous - 2019-11-20 10:07
Same here
by ZH - 2024-09-12 14:10
Nmap scan shows my Netgear router, I confirmed UPNP is closed.
49152/tcp: UPnP service (Cisco-Linksys E4200 WAP upnpd (UPnP 1.0)).

Sometimes reflect as unknown..
Print this document top
Related Links
News Glossary of Terms FAQs Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
Broadband Security Editorials General User Articles Quick Reference
Broadband Forums General Discussions
Advertising Awards Link to us Server Statistics Helping SG About