Shortcuts
|
Vulnerable Ports
This list (a very small part of our SG Ports database) includes TCP/UDP ports currently tested by our Security Scanner, and corresponding potential security threats.
We update the list on a regular basis, however if you feel we should add other port(s) to the list or modify their descriptions, please .
Any feedback and suggestions can also be posted to our Security forum.
| Port(s) |
Protocol |
Service |
Scan level |
Description |
| 4045 |
tcp,udp |
npp |
not scanned |
Solaris lockd NFS lock daemon/manager
IANA registered for: Network Paging Protocol |
| 4049 |
tcp,udp |
wafs |
not scanned |
Wide Area File Services |
| 4050 |
tcp,udp |
cisco-wafs |
not scanned |
Wide Area File Services |
| 4069 |
tcp,udp |
minger |
not scanned |
IANA registered for: Minger Email Address Validation Service |
| 4070 |
tcp,udp |
tripe |
not scanned |
Amazon Echo Dot (Amazon Alexa) streaming connection with Spotify
IANA registered for: Trivial IP Encryption (TrIPE) |
| 4087 |
tcp |
applusservice |
not scanned |
APplus Service (IANA official) |
| 4089 |
tcp,udp |
opencore |
not scanned |
IANA registered for: OpenCORE Remote Control Service |
| 4092 |
tcp |
trojan |
Premium scan |
WinCrash [Symantec-2000-121909-3241-99] trojan |
| 4093 |
tcp,udp |
pvxpluscs |
not scanned |
IANA registered for: Pvx Plus CS Host |
| 4095 |
tcp |
trojans |
Members scan |
W32.Randex.EUS [Symantec-2005-081614-2307-99] (2005.08.16) - a worm that spreads through weak passwords in network shares. Opens a backdoor and listens for remote commands by connecting to IRC servers on port 4095/tcp. |
| 4096 |
tcp,udp |
bre |
not scanned |
IANA registered for: BRE (Bridge Relay Element) |
| 4100 |
tcp,udp |
igo-incognito |
Premium scan |
IGo Incognito Data Port, WatchGuard Authentication Applet, ICQ, Abacast, Sybase ASE
Malicious services using this port: Remote Anything, SkyDance
The WatchGuard Firebox II security appliance is vulnerable to a denial of service attack. A remote attacker can connect to the authentication port (TCP port 4100) and send a malformed URL to the device to cause the authentication service to shut down. The device must be restarted to regain functionality.
References: [BID-1573], [CVE-2000-0783], [XFDB-5098] |
| 4101 |
tcp,udp |
brlp-0 |
not scanned |
Braille protocol, Quadrox GuardDVR, Quadrox GuardNVR, Quadrox WebCCTV DVR, Quadrox WebCCTV NDVR, Quadrox WebCCTV NVR, Blackberry Enterprise Server, NewOak
Trojans that may use this port: OptixPro |
| 4102 |
tcp,udp |
brlp-1 |
not scanned |
Braille protocol, Quadrox GuardDVR, Quadrox GuardNVR, Quadrox WebCCTV DVR, Quadrox WebCCTV NDVR, Quadrox WebCCTV NVR |
| 4103 |
tcp,udp |
brlp-2 |
not scanned |
Braille protocol, Quadrox GuardDVR, Quadrox GuardNVR, Quadrox WebCCTV DVR, Quadrox WebCCTV NDVR, Quadrox WebCCTV NVR |
| 4104 |
tcp,udp |
brlp-3 |
not scanned |
Braille protocol, Quadrox GuardDVR, Quadrox GuardNVR, Quadrox WebCCTV DVR, Quadrox WebCCTV NDVR, Quadrox WebCCTV NVR |
| 4105 |
tcp,udp |
shofarplayer |
Premium scan |
WatchGuard Firewalls may allow remote management using WSM (WatchGuard System Manager) over ports 4105, 4117, 4118 TCP.
ShofarPlayer, IBM Internet Security, CA Message Queuing (CAM/CAFT) software. There are some known CAM/CAFT vulnerabilities (CVE-2007-0060)
Computer Associates (CA) Message Queuing (CAM / CAFT), as used in multiple CA products, allows remote attackers to cause a denial of service via a crafted message to TCP port 4105.
References: [CVE-2006-0529], [BID-16475] |
| 4110 |
tcp |
g2tag |
not scanned |
Dynamic VPN Configuration Protocol service (DVCP) in Watchguard Firebox firmware 5.x.x allows remote attackers to cause a denial of service (crash) via a malformed packet containing tab characters to TCP port 4110.
References: [CVE-2002-1046] [BID-5186]
G2 RFID Tag Telemetry Data (TCP/UDP) (IANA official) |
| 4111 |
tcp,udp |
xgrid |
not scanned |
IANA registered for: Xgrid |
| 4112 |
udp |
applications |
not scanned |
The accept_connections function in the virtual private network daemon (vpnd) in Apple Mac OS X 10.5 allows remote attackers to cause a denial of service (divide-by-zero error and daemon crash) via a crafted load balancing packet to UDP port 4112.
References: [CVE-2007-6276], [BID-26699]
Port is also IANA registered for Apple VPN Server Reporting Protocol |
| 4116 |
tcp,udp |
smartcard-tls |
not scanned |
IANA registered for: Smartcard-TLS |
| 4117 |
tcp |
watchguard |
not scanned |
WatchGuard Firewalls may allow remote management using WSM (WatchGuard System Manager) over ports 4105, 4117, 4118 TCP. |
| 4118 |
tcp |
watchguard |
not scanned |
Trend Micro Deep security agent uses port 4118 tcp for agent/manager communications.
WatchGuard Firewalls may allow remote management using WSM (WatchGuard System Manager) over ports 4105, 4117, 4118 TCP.
|
| 4120 |
tcp |
minirem |
not scanned |
IANA registered for: MiniRem Remote Telemetry and Control |
| 4123 |
tcp |
trojans |
Members scan |
W32.Bratle.B [Symantec-2005-080216-5303-99] (2005.08.02) - a worm that spreads by exploiting the MS LSASS Buffer Overrun Vulnerability ([MS04-011]). It opens a backdoor by running an FTP server on port 4123/tcp.
Z-Wave Protocol (TCP/UDP) [Sigma_Designs_Inc_2] (IANA official) |
| 4125 |
tcp |
rww |
Members scan |
MS Small Business Server Remote Web Workplace administration
IANA registered for: Opsview Envoy |
| 4128 |
tcp,udp |
nufw |
Premium scan |
NuFW decision delegation protocol
Trojans using this port: RCServ, RedShad |
| 4132 |
tcp,udp |
nuts_dem |
not scanned |
NUTS Daemon, Quadrox GuardDVR, Quadrox GuardNVR, Quadrox WebCCTV DVR, Quadrox WebCCTV NDVR, Quadrox WebCCTV NVR |
| 4133 |
tcp,udp |
nuts_bootp |
not scanned |
NUTS Bootp Server, Quadrox GuardDVR, Quadrox GuardNVR, Quadrox WebCCTV DVR, Quadrox WebCCTV NDVR, Quadrox WebCCTV NVR |
| 4135 |
tcp,udp |
cl-db-attach |
not scanned |
Classic Line Database Server Attach, Quadrox GuardDVR, Quadrox GuardNVR, Quadrox WebCCTV DVR, Quadrox WebCCTV NDVR, Quadrox WebCCTV NVR |
| 4136 |
tcp,udp |
cl-db-request |
not scanned |
Classic Line Database Server Request, Quadrox GuardDVR, Quadrox GuardNVR, Quadrox WebCCTV DVR, Quadrox WebCCTV NDVR, Quadrox WebCCTV NVR |
| 4137 |
tcp,udp |
cl-db-remote |
not scanned |
Classic Line Database Server Remote, Quadrox GuardDVR, Quadrox GuardNVR, Quadrox WebCCTV DVR, Quadrox WebCCTV NDVR, Quadrox WebCCTV NVR |
| 4156 |
udp |
worm-linux |
Premium scan |
Linux.Slapper.Worm [Symantec-2002-091311-5851-99] (2002.09.13) - family of worms that use an "OpenSSL buffer overflow exploit [CVE-2002-0656] to run a shell on a remote computer. Targets vulnerable Apache Web servers under various Linux distributions. The worm has distributed denial of service (DDoS) attack capabilities. It spreads by exploiting ports 80/tcp and 443/tcp. Opens backdoors on the following ports: 2002/udp (.A variant), 1978/udp (.B variant), 4156/udp and 1052/tcp periodically (.C variant). |
| 4160 |
tcp,udp |
jini-discovery |
not scanned |
IANA registered for: Jini Discovery
Port also used by Quadrox GuardDVR, Quadrox GuardNVR, Quadrox WebCCTV DVR, Quadrox WebCCTV NDVR, Quadrox WebCCTV NVR |
| 4161 |
tcp,udp |
omscontact |
not scanned |
OMS Contact, Quadrox GuardDVR, Quadrox GuardNVR, Quadrox WebCCTV DVR, Quadrox WebCCTV NDVR, Quadrox WebCCTV NVR |
| 4162 |
tcp,udp |
omstopology |
not scanned |
OMS Topology, Quadrox GuardDVR, Quadrox GuardNVR, Quadrox WebCCTV DVR, Quadrox WebCCTV NDVR, Quadrox WebCCTV NVR |
| 4171 |
tcp |
ml-svnet |
not scanned |
Maxlogic Supervisor Communication |
| 4172 |
tcp,udp |
pcoip |
not scanned |
IANA registered for Teradici PC over IP |
| 4173 |
udp |
mma-discovery |
not scanned |
IANA registered for: MMA Device Discovery |
| 4174 |
tcp |
smcluster |
not scanned |
IANA registered for: StorMagic Cluster Services |
| 4175 |
tcp |
bccp |
not scanned |
Brocade Cluster Communication Protocol |
| 4176 |
tcp |
tl-ipcproxy |
not scanned |
Translattice Cluster IPC Proxy |
| 4183 |
tcp,udp |
cyborgnet |
not scanned |
CyborgNet communications (IANA official) |
| 4190 |
tcp |
plesk |
not scanned |
Plesk dovecot (since version 12.0) |
| 4191 |
tcp |
trojans |
Premium scan |
Backdoor.Sdbot.AH [Symantec-2004-112217-1611-99] (2004.11.22) - a network aware worm with backdoor functionality. Affects all current Windows versions. It spreads via network shares and allows remote access on port 4191. |
| 4192 |
tcp,udp |
azeti |
not scanned |
Azeti Agent Service |
| 4193 |
tcp |
pvxplusio |
not scanned |
PxPlus remote file server |
| 4194 |
tcp |
spdm |
not scanned |
Security Protocol and Data Model (IANA official) |
| 4195 |
tcp,udp |
aws-wsp |
Premium scan |
IANA registered for: AWS protocol for cloud remoting solution (DCCP protocol) |
| 4197 |
tcp,udp |
hctl |
not scanned |
Harman HControl Protocol (IANA official) |
| 4201 |
tcp,udp |
vrml-multi-use |
not scanned |
VRML Multi User Systems, TinyMUD and various derivatives (TCP)
War trojan also uses this port (TCP). |
| 4210 |
tcp |
trojan |
Premium scan |
Netkey trojan |
| 4211 |
tcp |
trojan |
Premium scan |
Netkey trojan |
| 4224 |
tcp,udp |
applications |
not scanned |
Cisco Audio Session Tunneling (TCP)
A remote overflow exists in Xtell. The Xtelld daemon fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request to port 4224, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.
References: [BID-4193], [CVE-2002-0332] |
| 4225 |
tcp |
trojan |
Premium scan |
Silent Spy |
| 4226 |
tcp,udp |
games |
not scanned |
Aleph One - Bungie Software |
| 4241 |
tcp,udp |
vrml-multi-use |
not scanned |
An attacker can craft and send an OpenNamespace message to port 4241 with valid session-id that triggers an unhandled exception in CFTLDManager::HandleRequest function in RnaDaSvr.dll, resulting in process termination. Observed in FactoryTalk Linx 6.11. All versions of FactoryTalk Linx are affected.
References: [CVE-2020-5801]
An attacker-controlled memory allocation size can be passed to the C++ new operator in RnaDaSvr.dll by sending a specially crafted ConfigureItems message to TCP port 4241. This will cause an unhandled exception, resulting in termination of RSLinxNG.exe. Observed in FactoryTalk 6.11. All versions of FactoryTalk Linx are affected.
References: [CVE-2020-5802]
VRML Multi User Systems (IANA official) |
| 4242 |
tcp |
vrml |
Members scan |
Applications using this port:
CrashPlan Cloud Backup
Microsoft Application Center Remote Management services
Orthanc (open source DICOM server for medical imaging)
Rag Doll Kung Fu (TCP/UDP)
Reverse Battle Tetris
Quassel distributed IRC client
Virtual Hacking Machine (VHM) trojan
Nemog backdoor (discovered 2004.08.16) - a backdoor trojan horse that allows an infected computer to be used as an email relay and HTTP proxy, dropped by W32.Mydoom.Q@mm. It can use one of the following ports: 3306,4242,4646,4661,6565,8080
Stack-based buffer overflow in the parsePresentationContext function in storescp in DICOM dcmtk-3.6.0 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a long string sent to TCP port 4242.
References: [CVE-2015-8979], [BID-94951], [XFDB-130495]
IANA registered for: VRML Multi User Systems |
| 4243 |
tcp,udp |
vrml-multi-use |
not scanned |
CrashPlan Cloud Backup, VRML Multi User Systems,
The port is also commonly used by Docker implementations, redistributions, and setups (TCP). |
| 4244 |
tcp,udp |
vrml-multi-use |
Premium scan |
Viber uses the following ports: 80, 443, 4244, 5242, 5243, 7985 TCP/UDP
WhatsApp uses these ports:
80, 443, 4244, 5222, 5223, 5228, 5242 TCP
50318, 59234 TCP/UDP
3478, 45395 UDP
QLIK Sense (cloud analytics platform) runs HTTPS service on port 4244
Viber through 11.7.0.5 allows a remote attacker who can capture a victim's internet traffic to steal their Viber account, because not all Viber protocol traffic is encrypted. TCP data packet 9 on port 4244 from the victim's device contains cleartext information such as the device model and OS version, IMSI, and 16 bytes of udid in a binary format, which is located at approximately offset 0x40 of this packet. Then, the attacker installs Viber on his device, initiates the registration process for any phone number, but doesn't enter a pin from SMS. Instead, he closes Viber. Next, the attacker rewrites his udid with the victim's udid, modifying the viber_udid file, which is located in the Viber preferences folder. (The udid is stored in a hexadecimal format.) Finally, the attacker starts Viber again and enters the pin from SMS.
References: [CVE-2019-18800]
IANA registered for: VRML Multi User Systems |
| 4245 |
tcp |
trojan |
Premium scan |
Rux.Backdoor trojan horse |
| 4300 |
tcp,udp |
corelccam |
not scanned |
Corel CCam
Backdoor.smokodoor [Symantec-2003-100614-0437-99] also uses this port (TCP). |
| 4311 |
tcp |
p6ssmc |
not scanned |
P6R Secure Server Management Console |
| 4312 |
tcp |
pscl-mgt |
not scanned |
Parascale Membership Manager |
| 4313 |
tcp |
perrla |
not scanned |
PERRLA User Services |
| 4314 |
tcp |
choiceview-agt |
not scanned |
IANA registered for: ChoiceView Agent |
| 4315 |
tcp |
trojan |
Premium scan |
Power |
| 4316 |
tcp |
choiceview-clt |
not scanned |
IANA registered for: ChoiceView Client |
| 4317 |
tcp |
opentelemetry |
not scanned |
OpenTelemetry Protocol (IANA official) |
| 4319 |
tcp,udp |
fox-skytale |
not scanned |
Fox SkyTale encrypted communication (IANA official) |
| 4321 |
tcp |
trojans |
Premium scan |
BoBo, Schoolbus 1.0 trojans
Command & Conquer: Red Alert 3 also uses this port.
WRPCServer.exe in WinSoftMagic WinRemotePC (WRPC) Lite 2008 and Full 2008 allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet to TCP port 4321.
References: [CVE-2008-3269], [BID-30236]
Technicolor DPC3928AD DOCSIS devices allow remote attackers to read arbitrary files via a request starting with "GET /../" on TCP port 4321.
References: [CVE-2017-11502]
Remote Who Is (TCP/UDP) [RFC 2167] (IANA official)
|
| 4323 |
tcp,udp |
trim-ice |
not scanned |
Lincoln Electric's ArcLink/XT (UDP)
IANA registered for: TRIM ICE Service |
| 4326 |
tcp,udp |
geognosis |
not scanned |
Cadcorp GeognoSIS (IANA official) |
| 4329 |
tcp |
publiqare-sync |
not scanned |
IANA registered for: PubliQare Distributed Environment Synchronisation Engine |
| 4330 |
tcp |
dey-sapi |
not scanned |
DEY Storage Administration REST API (IANA official) |
| 4331 |
tcp |
ktickets-rest |
not scanned |
management and ticketing systems (embedded POS devices) (IANA official) |
| 4332 |
tcp |
getty-focus |
not scanned |
IANA registered for: Getty Images FOCUS service |
| 4333 |
tcp,udp,sctp |
msql |
not scanned |
ArrowHead Service Protocol (AHSP) [QuantuMatriX_Technologies] (IANA official)
mini-sql server (TCP) |
| 4334 |
tcp |
netconf-ch-ssh |
not scanned |
IANA registered for: NETCONF Call Home (SSH) |
| 4335 |
tcp |
netconf-ch-tls |
not scanned |
IANA registered for: NETCONF Call Home (TLS) |
| 4336 |
tcp |
restconf-ch-tls |
not scanned |
IANA registered for: RESTCONF Call Home (TLS) |
| 4341 |
udp |
lisp-data |
not scanned |
LISP Data Packets [RFC 6830] (IANA official) |
| 4342 |
udp |
lisp-control |
not scanned |
LISP Control Packets (IANA official) |
| 4343 |
tcp |
unicall |
not scanned |
TrendMicro WFBS web server port
Trend Micro OfficeScan is vulnerable to a stack-based buffer overflow, caused by improper bounds checking in the CGIOCommon.dll library. By sending a specially-crafted request to port 4343 TCP with an overly long session cookie, remote attacker could overflow a buffer and execute arbitrary code on the system with Web user privileges.
References: [BID-24641], [XFDB-35051]
Trend Micro Apex One and OfficeScan XG could allow a remote attacker to obtain sensitive information, caused by improper access control by the web console. By sending a specially-crafted request through TCP port 4343, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
References: [CVE-2020-28577], [XFDB-192493]
Trend Micro Apex One could allow a remote attacker to obtain sensitive information, caused by improper access control by the web console. By sending a specially-crafted request through TCP port 4343, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
References: [CVE-2020-28573], [CVE-2020-28576], [CVE-2020-28582], [CVE-2020-28583], [XFDB-192379], [XFDB-192380], [XFDB-192490], [XFDB-192492]
IANA registered for: UNICALL |
| 4345 |
tcp |
trendmicro |
not scanned |
TrendMicro Smart Scan server uses TCP ports 4345/tcp and 8082/tcp. |
| 4352 |
tcp,udp |
pjlink |
not scanned |
IANA registered for: Projector Link |
| 4354 |
tcp,udp |
qsnet-trans |
not scanned |
QSNet Transmitter |
| 4355 |
tcp,udp |
qsnet-workst |
not scanned |
QSNet Workstation |
| 4356 |
tcp,udp |
qsnet-assist |
not scanned |
QSNet Assistant |
| 4357 |
tcp,udp |
qsnet-cond |
not scanned |
QSNet Conductor |
| 4360 |
tcp |
matrix_vnet |
not scanned |
Matrix VNet Communication Protocol |
| 4361 |
udp |
nacnl |
not scanned |
NavCom Discovery and Control Port |
| 4362 |
udp |
afore-vdp-disc |
not scanned |
IANA registered for: AFORE vNode Discovery protocol |
| 4367 |
tcp |
trojans |
Premium scan |
W32.Spybot.NLX [Symantec-2005-041214-0247-99] (2005.04.12) - wom that exploits a number of MS vulnerabilities. It has distributed denial of service (DDoS), and backdoor capabilities. Opens a backdoor by connecting to an IRC channel using port 4367/tcp. |
| 4369 |
tcp,udp |
applications |
not scanned |
HAI Home Automation
Erlang Port Mapper Daemon [Erlang] (IANA official)
SolarWinds Server & Application Monitor (SAM) uses the following ports:
4369 TCP - RabbitMQ messaging (EMPD)
5671 TCP - RabbitMQ messaging (AMQP over TLS/SSL)
5672 TCP - RabbitMQ messaging (AMQP unencrypted backup port)
17777 TCP - Orion module traffic, RSA handshake, AES 256 communication using WCF
17778 TCP - SolarWinds Information Service API
17779 TCP - SolarWinds Toolset Integration over HTTP
17790 TCP - Agent communication with the Orion server
17791 TCP - Agent communication with the Orion server
25672 TCP - RabbitMQ messaging (Erlang distribution)
SolarWinds also uses the following standard ports: 22/TCP, 25/TCP, 135/TCP, 161-162/UDP, 443/TCP, 445/TCP, 465/TCP, 587/TCP, 1801/TCP
|
| 4370 |
tcp,udp |
elpro_tunnel |
not scanned |
The ZKSoftware ZK5000 and ZK9000 management software could provide weaker than expected security, caused by missing authentication checks for remote access. By sending a request to UDP port 4370, a remote attacker could exploit this vulnerability to perform certain administrative actions and obtain information without having proper authentication.
References: [XFDB-57067], [EDB-11822]
IANA registered for: ELPRO V2 Protocol Tunnel |
| 4379 |
udp |
games |
not scanned |
Steamworks P2P Networking and Steam Voice Chat UDP
R.U.S.E.
|
| 4380 |
udp |
applications |
not scanned |
Steam Client, R.U.S.E., Breach, Left 4 Dead
Napoleon - Total War also uses port 4380 (TCP/UDP) |
| 4387 |
tcp |
trojan |
Premium scan |
Phatbot |
| 4398 |
udp |
applications |
not scanned |
Apple Game Center |
Vulnerabilities listed: 100 (some use multiple ports)
|
