| Port(s) |
Protocol |
Service |
Scan level |
Description |
| 1669 |
tcp,udp |
netview-aix-9 |
not scanned |
netview-aix-9 |
| 1670 |
tcp,udp |
netview-aix-10 |
not scanned |
netview-aix-10 |
| 1671 |
tcp,udp |
netview-aix-11 |
not scanned |
netview-aix-11 |
| 1672 |
tcp,udp |
netview-aix-12 |
not scanned |
netview-aix-12 |
| 1673 |
tcp,udp |
games |
not scanned |
TOCA Race Driver 2 |
| 1677 |
tcp,udp |
applications |
not scanned |
Novell GroupWise clients in client/server access mode |
| 1680 |
tcp |
carboncopy |
not scanned |
CarbonCopy |
| 1681 |
tcp |
sd-elmd |
not scanned |
Elipse E3 3.x and earlier allows remote attackers to cause a denial of service (application crash and plant outage) via a rapid series of HTTP requests to index.html on TCP port 1681.
References: [CVE-2014-8652]
IANA registered for: sd-elmd (TCP/UDP)
|
| 1687 |
tcp,udp |
nsjtp-ctrl |
not scanned |
IANA registered for: nsjtp-ctrl
NSJTP stands for HP's Network ScanJet Transfer Protocol |
| 1688 |
tcp,udp |
nsjtp-data |
not scanned |
Port 1688 TCP is commonly used for Microsoft's KMS Traffic.
nsjtp-data (IANA official) - HP's Network ScanJet Transfer Protocol.
|
| 1698 |
udp |
rsvp-encap-1 |
not scanned |
A vulnerability has been reported in Cisco IOS and IOS XE, that can cause a DoS (Denial of Service). The vulnerability is caused due to an error when handling RSVP packets, which can be exploited to cause a reload of the device by sending a specially crafted RSVP packet to UDP port 1698.
References: [CVE-2014-3354] [SECUNIA-59563]
RSVP-ENCAPSULATION-1 (IANA official)
|
| 1698 |
tcp |
malware |
not scanned |
Backdoor.Win32.Wollf.a / Weak Hardcoded Password - the malware listens on TCP port 1698 and runs with SYSTEM integrity. Authentication is required for remote user access. However, the password "23706373" is weak and hardcoded within the executable. The malware is packed with UPX and exposes the cleartext all numeric credentials when decompressed.
References: [MVID-2021-0404] |
| 1700 |
tcp |
|
Premium scan |
Fortinet FortiGate uses the following ports (in addition to standard ports 53, 80, 443):
514 tcp - FortiAP logging and reporting
541 tcp, 542 tcp - FortiGuard management
703 tcp/udp. 730 udp - FortiGate heartbeat
1000 tcp, 1003 tcp - policy override keepalive
1700 tcp - FortiAuthenticator RADIUS disconnect
5246 udp - FortiAP-S event logs
8000, 8001 tcp - FortiClient SSO mobility agent
8008, 8010 tcp - policy override authentication
8013 tcp - FortiClient v.5.4
8014 tcp - Forticlient v.6
8890 tcp - AV/IPS updates, management, firmware
9443 udp - AV/IPS
9582 tcp - FortiGuard Cloud App DB (flow.fortinet.net)
Rux.Tick trojan horse |
| 1700 |
udp |
applications |
not scanned |
Cisco RADIUS Change of Authorization for TrustSec |
| 1701 |
tcp |
vpn |
Premium scan |
L2TP VPN (Virtual Private Networking)
See also:
port 500/udp (IPSec IKE)
port 1723/tcp (PPTP)
Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 on Java 1.4.x platforms, when running in the default configuration, allows remote attackers to conduct unauthorized activities and possibly execute arbitrary code via certain SQL statements to TCP port 1701 in JBoss 3.2.1, and port 1476 in JBoss 3.0.8.
References: [CVE-2003-0845], [BID-8773] |
| 1701 |
udp |
l2tp |
not scanned |
Mac OS X Server VPN service
The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a packet with invalid data to UDP port 1701, which causes l2tp_avp_print to use a bad length value when calling print_octets.
References: [CVE-2003-1029], [BID-9263], [EDB-23452]
|
| 1703 |
tcp |
trojan |
Premium scan |
Exploiter |
| 1707 |
tcp,udp |
applications |
not scanned |
Windward Studios
Romtoc Packet Protocol (L2F) & Layer 2 Tunneling Protocol (L2TP) also use this port (TCP)
SalesLogix 6.1 does not verify if a user is authenticated before performing sensitive operations, which could allow remote attackers to execute arbitrary SLX commands on the server or spoof the server via a man-in-the-middle (MITM) attack, or obtain the database password via a GetConnection request to TCP port 1707.
References: [CVE-2004-1611], [BID-11450] |
| 1711 |
tcp |
trojan |
Premium scan |
yoyo trojan |
| 1716 |
udp |
games |
not scanned |
America's Army
Multiple buffer overflows in the logging function in the Unreal engine, as used by America's Army and America's Army Special Forces 2.8.2 and earlier, when Punkbuster (PB) is enabled, allow remote attackers to cause a denial of service (daemon crash) via a long PB_Y packet to the YPG server on UDP port 1716 or PB_U packet to UCON on UDP port 1716.
References: [CVE-2007-5249]
Port is also IANA registered for xmsg. |
| 1717 |
udp |
games |
not scanned |
America's Army |
| 1718 |
tcp |
applications |
not scanned |
McAfee E-Business Server could allow a remote attacker to execute arbitrary code on the system, caused by a vulnerability in the administration interface. By sending a malformed authentication packet to TCP port 1718, a remote attacker could exploit this vulnerability to cause the application to crash or execute arbitrary code with SYSTEM privileges.
References: [CVE-2008-0127], [BID-27197]
H.323 Multicast Gatekeeper Discover (IANA official) |
| 1718 |
udp |
games |
not scanned |
America's Army
H.323 Multicast Gatekeeper Discover (IANA official) |
| 1719 |
tcp |
applications |
not scanned |
H.323 Unicast Gatekeeper Signaling (IANA official) |
| 1720 |
tcp |
h323 |
Premium scan |
Port most commonly used by Microsoft NetMeeting.
H.323 used for voice-over IP call set-up (H.323 Call Control Signalling, IANA official).
IPContact also uses port 1720 (TCP/UDP)
Unspecified vulnerability in the NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload) by sending crafted H.323 packets to TCP port 1720, aka Bug ID CSCth11006.
References: [CVE-2011-3277], [BID-49822]
innovaphone is vulnerable to a denial of service. By sending random data to its H.323 network service on the TCP port 1720, a remote attacker could exploit this vulnerability to cause the system to reboot.
References: [XFDB-111292]
An out-of-bounds memory write flaw was found in how the Linux kernel’s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
References: [CVE-2020-14305] |
| 1723 |
tcp,udp |
PPTP |
Basic scan |
PPTP VPN (Point-to-Point Tunneling Protocol Virtual Private Networking).
PPTP has a number of known vulnerabilities. It is no longer considered secure, as cracking the initial MS-CHAPv2 authentication can be reduced to the difficulty of cracking a single DES 56-bit key, which can be brute-forced in a short period of time. It is prone to MITM (man in the middle) attacks, where an attacker can capture the handshake and do an offline attack to derive the RC4 key and decrypt the traffic. PPTP is also vulnerable to bit-flipping attacks, i.e. an attacker can modify PPTP packets without possibility of detection. OpenVPN with AES encryption is a much more secure choice.
See also:
port 500/udp (IPSec IKE)
port 1701/tcp (L2TP)
port 1194/udp (OpenVPN)
QNAP NAS uses port 1723/TCP for PPTP VPN. It can also use 1194/UDP (OpenVPN), and a number of other ports, as follows: 80,8081/TCP (web server), 443,8080/TCP (web admin), 20,21,22/TCP (FTP/SSH), 13131/TCP (telnet), 873,8899/TCP (remote replication), 20001/UDP (CloudLink - optional, only required for access without manual port forwarding)
Mac OS X Server VPN service also uses port 1723 (TCP).
The Siemens Gigaset SE361 WLAN router allows remote attackers to cause a denial of service (device reboot) via a flood of crafted TCP packets to port 1723.
References: [CVE-2009-3322] [BID-36366]
SMC Networks Barricade Wireless Cable/DSL Broadband Router SMC7004VWBR allows remote attackers to cause a denial of service via certain packets to PPTP port 1723 on the internal interface.
References: [CVE-2003-0419]
The PPTP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when NAT is used, allows remote attackers to cause a denial of service (device reload) via crafted TCP port-1723 packets, aka Bug ID CSCtq14817.
References: [CVE-2013-5481] |
| 1725 |
tcp,udp |
iden-ralp |
not scanned |
Valve Steam Client uses port 1725 (UDP)
IANA registered for: iden-ralp |
| 1726 |
tcp |
applications |
not scanned |
Air Cam Live
SonicWall single sign on
Iberia Games (IANA official) |
| 1728 |
tcp |
applications |
not scanned |
Air TV |
| 1729 |
tcp,udp |
applications |
not scanned |
OKWin uses ports 1729-1735 |
| 1734 |
tcp,udp |
applications |
not scanned |
IPContact uses ports 1734-1767 |
| 1735 |
tcp,udp |
applications |
not scanned |
OKWin uses ports 1729-1735 |
| 1741 |
tcp |
applications |
not scanned |
Multiple buffer overflows in the authentication functionality in the web-server module in Cisco CiscoWorks Common Services before 4.0 allow remote attackers to execute arbitrary code via a session on TCP port 1741, aka Bug ID CSCti41352.
References: [CVE-2010-3036], [BID-44468]
Port also IANA registered for cisco-net-mgmt |
| 1745 |
tcp,udp |
remote-winsock |
not scanned |
remote-winsock
The Winsock Proxy service in Microsoft Proxy Server 2.0 and the Microsoft Firewall service in Internet Security and Acceleration (ISA) Server 2000 allow remote attackers to cause a denial of service (CPU consumption or packet storm) via a spoofed, malformed packet to UDP port 1745.
References: [CVE-2003-0110] |
| 1751 |
tcp |
trojans |
Members scan |
W32.Loxbot.D [Symantec-2006-010615-2712-99] (2006.01.06) - a worm that opens a backdoor on the compromised computer. Spreads through AOL Instant Messenger, uses rootkit capabilities to hide its process in memory. Opens a backdoor and listens for remote commands on port 1751/tcp.
|
| 1753 |
tcp |
predatar-comms |
not scanned |
Predatar Comms Service [Silverstring_Ltd] (IANA official) |
| 1755 |
tcp,udp |
ms-streaming |
Members scan |
Port used by Microsoft Media Server (MMS) protocol for Windows Media steaming, Microsoft Media Services, MS NetShow.
1755/tcp is used for accepting incoming MMS client connections and for delivering data packets to clients that are streaming using MMST.
1755/udp used for receiving packet loss information from clients and providing synchronization information to clients that are streaming using MMSU.
See also: ports 554,5004,5005 - Real Time Streaming Protocol (RTSP) |
| 1761 |
tcp,udp |
cft-0 |
not scanned |
Novell Zenworks Remote Control utility uses port 1761 (TCP)
Novell ZENworks Desktop Management is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the Remote Management Agent within ZenRem32.exe when processing certain version fields. By sending a specially-crafted packet to TCP or UDP port 1761, a remote attacker could overflow a buffer and execute arbitrary code on the system with SYSTEM privileges or cause the application to crash.
References: [XFDB-64025] [XFDB-64026] [BID-45379] [BID-45375]
IANA registered for: cft-0 |
| 1762 |
tcp,udp |
cft-1 |
not scanned |
IANA registered for: cft-1 |
| 1763 |
tcp,udp |
cft-2 |
not scanned |
IANA registered for: cft-2 |
| 1764 |
tcp,udp |
cft-3 |
not scanned |
IANA registered for: cft-3 |
| 1765 |
tcp,udp |
cft-4 |
not scanned |
IANA registered for: cft-4 |
| 1766 |
tcp,udp |
cft-5 |
not scanned |
IANA registered for: cft-5 |
| 1767 |
tcp,udp |
cft-6 |
not scanned |
IANA registered for: cft-6 |
| 1768 |
tcp,udp |
cft-7 |
not scanned |
IANA registered for: cft-7 |
| 1769 |
tcp,udp |
bmc-net-adm |
not scanned |
IANA registered for: bmc-net-adm |
| 1770 |
tcp,udp |
bmc-net-svc |
not scanned |
IANA registered for: bmc-net-svc |
| 1771 |
tcp,udp |
vaultbase |
not scanned |
IANA registered for: vaultbase |
| 1772 |
tcp,udp |
trojans |
Premium scan |
Backdoor.Netcontrole [Symantec-2002-061915-0341-99] (2002.06.19) - remote access trojan. Affects all current Windows versions.
port is also registered with IANA for: EssWeb Gateway |
| 1776 |
tcp,udp |
femis |
not scanned |
Federal Emergency Management Information System (IANA official) |
| 1777 |
tcp |
trojan |
Premium scan |
Scarab trojan |
| 1784 |
tcp |
trojan |
Premium scan |
Snid X2 trojan |
| 1789 |
tcp,udp |
hello |
not scanned |
Trojan.Win32.Alien.erf / Remote Stack Buffer Overflow - the malware deploys a Web server AM6WebMgr.exe (JAO build 809) listening on TCP port 1789. Third-party attackers who can reach an infected host can trigger a classic remote buffer overflow by making a HTTP GET request for the "SynchroRes.cgi" URL with a long payload. This will overwrite the ECX and EIP stack registers.
References: [MVID-2021-0252]
Hello (IANA official)
|
| 1791 |
udp |
games |
not scanned |
NHL 2003 |
| 1792 |
tcp,udp |
ibm-dt-2 |
not scanned |
NHL 2003 (UDP)
Moby also uses port 1792.
IANA registered for: ibm-dt-2 |
| 1795 |
udp |
games |
not scanned |
Madden NFL 2005, Madden NFL 2006, Madden NFL 07 |
| 1797 |
udp |
games |
not scanned |
Madden NFL 2006 |
| 1800 |
tcp,udp |
applications |
not scanned |
The Snom 320 SIP Phone, running snom320 linux 3.25, snom320-SIP 6.2.3, and snom320 jffs23.36, allows remote attackers to place calls to arbitrary phone numbers via certain requests to the web server on port 1800.
References: [CVE-2007-3440] [BID-24535]
W32.Wowinzi.A [Symantec-2008-050714-5642-99] (2008.05.07) - a worm that spreads by copying itself to mapped, fixed and removable drives on the compromised computer. It may also steal information and download potentially malicious code.
The Snom 320 SIP Phone, running snom320 linux 3.25, snom320-SIP 6.2.3, and snom320 jffs23.36, allows remote attackers to read a list of missed calls, received calls, and dialed numbers via a direct request to the web server on port 1800.
References: [CVE-2007-3439] [OSVDB-37753] [BID-24532] [SECUNIA-25840]
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within an exposed RMI registry, which listens on TCP ports 1800 and 1850 by default. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. Was ZDI-CAN-4753.
References: [CVE-2017-17406]
ANSYS-License manager (IANA official) |
| 1801 |
tcp,udp |
msmq |
not scanned |
Microsoft Message Queuing (MSMQ) uses the following ports:
1801 TCP/UDP
2101, 2103, 2105 (RPC over TCP)
3527 UDP
The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions on its private queues. As a result, remote unauthenticated clients can send messages to TCP port 1801 that the Collector Service will process. Additionally, upon processing of such messages, the service deserializes them in insecure manner, allowing remote arbitrary code execution as LocalSystem.
References: [CVE-2021-25274]
|
| 1807 |
tcp |
trojans |
Premium scan |
Backdoor.Delf.hp a.k.a. SpySender - remote access trojan, affects Windows 9x/NT/2k/XP/Vista, uses ports 1807, 3418. |
| 1811 |
udp |
applications |
not scanned |
HP Intelligent Management Center UAM is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the uam.exe component. By sending a specially-crafted string to UDP port 1811, a remote attacker could overflow a buffer and execute arbitrary code on the system with SYSTEM privileges or cause the application to crash.
References: [EDB-22432], [XFDB-78167] |
| 1812 |
udp |
RADIUS |
not scanned |
RADIUS (Remote Authentication Dial-In User Service, RFC 2865 and RFC 2866 ) is a freely available distributed security system developed by Lucent Technologies InterNetworking Systems. Lucent has worked with the IETF (Internet Engineering Task Force) to define RADIUS as an interoperable method for distributed security on the Internet. RADIUS was designed based on a previous recommendation from the IETF's Network Access Server Working Requirements Group.
Uses UDP ports 1645 & 1646, or 1812 & 1813.
A vulnerability has been reported in Cisco Secure Access Control Server, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an error when parsing EAP-FAST user identities and can be exploited to execute arbitrary commands via specially crafted packets sent to UDP port 1645 or 1812.
References: [CVE-2013-3466], [SECUNIA-54610] |
| 1812 |
tcp |
applications |
Premium scan |
RADIUS authentication protocol default port.
The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
References: [CVE-2009-5120]
RADIUS authentication protocol [RFC 2138] (IANA official) |
| 1813 |
udp |
RADIUS |
not scanned |
RADIUS (Remote Authentication Dial-In User Service, RFC 2865 and RFC 2866) is a freely available distributed security system developed by Lucent Technologies InterNetworking Systems. Lucent has worked with the IETF (Internet Engineering Task Force) to define RADIUS as an interoperable method for distributed security on the Internet. RADIUS was designed based on a previous recommendation from the IETF's Network Access Server Working Requirements Group.
Uses UDP ports 1645 & 1646, or 1812 & 1813. |
| 1815 |
tcp,udp |
mmpft |
not scanned |
Manufacturing messaging protocol for factory transmission (IANA official) |
| 1818 |
tcp,udp |
etftp |
not scanned |
Panasonic security cameras default port for the Panasonic Alarm Notification Protocol.
IANA registered for ETFTP (Enhanced Trivial File Transfer Protocol)
|
| 1826 |
tcp |
trojan |
Premium scan |
Glacier |
| 1827 |
tcp,udp |
asi |
not scanned |
Buffer overflow in Platinum Policy Compliance Manager (PCM) 7.0 allows remote attackers to execute arbitrary commands via a long string to the Agent port (1827), which is handled by smaxagent.exe.
References: [CVE-1999-1147] [OSVDB-3164]
The firmware on GateHouse; Harris BGAN RF-7800B-VU204 and BGAN RF-7800B-DU204; Hughes Network Systems 9201, 9450, and 9502; Inmarsat; Japan Radio JUE-250 and JUE-500; and Thuraya IP satellite terminals does not require authentication for sessions on TCP port 1827, which allows remote attackers to execute arbitrary code via unspecified protocol operations.
References: [CVE-2013-6035]
ASI (IANA official) |
| 1830 |
tcp |
net8-cman |
not scanned |
Oracle Net8 CMan Admin.
Oracle Database Management uses the following ports:
1521 TCP - Oracle SQL Net Listener and Data Guard
1832 TCP - Oracle Enterprise Management Agent HTTP (range 1830-1849)
49896 TCP - Oracle Clusterware (CRS daemon)
|
| 1832 |
tcp |
oracle |
not scanned |
Oracle Database Management uses the following ports:
1521 TCP - Oracle SQL Net Listener and Data Guard
1832 TCP - Oracle Enterprise Management Agent HTTP (range 1830-1849)
49896 TCP - Oracle Clusterware (CRS daemon)
|
| 1833 |
tcp |
trojan |
Premium scan |
TCC |
| 1834 |
tcp |
trojan |
Premium scan |
TCC |
| 1835 |
tcp |
trojan |
Premium scan |
TCC |
| 1836 |
tcp |
trojan |
Premium scan |
TCC |
| 1837 |
tcp |
trojan |
Premium scan |
TCC |
| 1839 |
tcp |
netopia |
not scanned |
Pitou.B Trojan [Symantec-2016-011823-3733-99] communicates over this port
IANA registered for: netopia-vo1 |
| 1843 |
tcp,udp |
applications |
not scanned |
Yahoo Fantasy Football |
| 1847 |
tcp,udp |
slp-notify |
not scanned |
SLP Notification [RFC 3082] (IANA official) |
| 1850 |
tcp |
trojans |
Members scan |
Black Angel, also known as Black Angel.13 and Black Angel b5, is a backdoor Trojan affecting Microsoft Windows operating systems. Black Angel uses a client/server relationship, where the server component is installed in the victim's system and the remote attacker has control of the client.
The trojan is normally stored in the Windows registry under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. When Black Angel is executed, the server component copies itself as C:\WINDOWS\Iex32dll.exe, and restarts when the Windows operating system is booted up. The server attempts to open a port, typically TCP 1850, to allow the client system to connect. Black Angel could allow a remote attacker to gain unauthorized access to the system.
References: [XFDB-14108]
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within an exposed RMI registry, which listens on TCP ports 1800 and 1850 by default. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. Was ZDI-CAN-4753.
References: [CVE-2017-17406]
Port is also IANA registered for: GSI |
| 1858 |
tcp,udp |
privateark |
not scanned |
CyberArk Password Vault could allow a remote attacker to obtain sensitive information, caused by a flaw in the proprietary network protocol. By sending a client's logon request through port 1858, a remote attacker could exploit this vulnerability to obtain sensitive information.
References: [CVE-2018-9842], [XFDB-141363], [EDB-45926], [EDB-44829], [EDB-44428]
IANA registered for: PrivateArk |
| 1862 |
tcp,udp |
mysql-cm-agent |
not scanned |
MySQL Cluster Manager Agent |
| 1863 |
tcp,udp |
msnp |
Basic scan |
Port used by MSN Messenger
W32.Mytob.IE@mm [Symantec-2005-072109-5548-99] (2005.07.21) - a mass-mailing worm that opens a backdoor and lowers security settings on the compromised computer. It uses its own SMTP engine. Opens a backdoor and listens for remote commands on port 1863/tcp.
Backdoor.Kaitex.e [Symantec-2004-022014-5559-99] also uses this port (TCP).
W32.Scrimge.E [Symantec-2007-081515-1716-99] (2007.08.15) - a worm that spreads through Microsoft instant messaging clients and opens a back door on the compromised computer.
Xbox Live 360 also uses this port. |
| 1877 |
tcp,udp |
trojan |
Premium scan |
Lala [Symantec-2002-122014-1523-99] backdoor - a trojan horse that allows unauthorized access to a compromised computer. The Trojan attempts to steal confidential information (such as cached passwords and cookies), log keystrokes, and allow for remote file execution. Opens TCP/UDP port 4627, 1149, or 1877 to allow remote access. |
| 1879 |
tcp |
virus |
Premium scan |
W32.Zori.B [Symantec-2005-033110-4910-99] (2005.03.31) - virus that spreads through network shares and prepends .exe files. It deletes files from all disks 9 days after the original infection.
It also opens a backdoor on port 1879/tcp and listens for remote commands from an attacker. |
| 1880 |
tcp,udp |
vsat-control |
not scanned |
Software tool Node-RED uses this port
IANA registered for: Gilat VSAT Control |
| 1882 |
tcp |
applications |
not scanned |
The eTrust Common Services (Transport) Daemon (eCSqdmn) in CA Secure Content Manager 8.0.28000.511 and earlier allows remote attackers to cause a denial of service (crash or CPU consumption) via a malformed packet to TCP port 1882.
References: [CVE-2008-1984], [BID-28888]
The eCS component (ECSQdmn.exe) in CA ETrust Secure Content Manager 8.0 and CA Gateway Security 8.1 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted request to port 1882, involving an incorrect integer calculation and a heap-based buffer overflow.
References: [CVE-2011-0758] [BID-46253] [SECUNIA-43200]
CA eTrust Common Services (IANA official) |
| 1883 |
tcp,udp |
mqtt |
not scanned |
MQTT (Message Queuing Telemetry Transport Protocol, IANA Official). Also uses port 8883. |
| 1886 |
tcp,udp |
leoip |
not scanned |
IANA registered for: Leonardo over IP |
| 1889 |
tcp,udp |
unify-adapter |
not scanned |
Port is IANA registered for: Unify Web Adapter Service |
| 1900 |
tcp,udp |
SSDP, UPnP |
Premium scan |
IANA registered by Microsoft for SSDP (Simple Service Discovery Protocol).
UPnP discovery/SSDP, is a service that runs by default on WinXP, and creates an immediately exploitable security vulnerability for any network-connected system. Filtering this port proactively prevents XP systems from being remotely compromised by malicious worms or intruders. See UPnP vulnerabilities (port 5000).
The Xerox Phaser 8400 allows remote attackers to cause a denial of service (reboot) via an empty UDP packet to port 1900.
References: [CVE-2008-3571], [BID-30522]
Multiple buffer overflows in LGSERVER.EXE in CA BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.1 SP1, Mobile Backup r4.0, Desktop and Business Protection Suite r2, and Desktop Management Suite (DMS) r11.0 and r11.1 allow remote attackers to execute arbitrary code via crafted packets to TCP port 1900 or 2200.
References: [CVE-2007-0449]
Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router allows remote attackers to execute arbitrary code via a long M-SEARCH request to UDP port 1900.
References: [CVE-2006-3687] [BID-19006] [SECUNIA-21081] [OSVDB-27333]
Swisscom Internet-Box is vulnerable to a stack-based buffer overflow, caused by imprper bounds checking by the LAN UPnP service. By sending a simple UDP packet to port 1900, a remote attacker could overflow a buffer and execute arbitrary code on the device.
References: [CVE-2018-16596], [XFDB-154437]
An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover packet.
References: [CVE-2020-15893]
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400 and R6700 firmware version 1.0.4.98 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the upnpd service, which listens on UDP port 1900 by default. A crafted MX header field in an SSDP message can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11851.
References: [CVE-2021-27239] |
| 1905 |
tcp |
trojan |
Premium scan |
Delta Remote Access |
| 1906 |
tcp |
trojans |
Premium scan |
Backdoor.Verify [Symantec-2005-040711-2720-99] (2005.04.06) - backdoor trojan that that allows remote access to the compromised computer, opens ports 1906/tcp and 1907/tcp for remote access.
Backdoor.Win32.Verify.h / Unauthenticated Remote Command Execution - the malware listens on TCP ports 1906 and 1907. Third-party adversaries who can reach an infected host on either port can gain access and or run any OS command.
References: [MVID-2022-0538] |
| 1907 |
tcp |
trojan |
Premium scan |
Backdoor.Verify [Symantec-2005-040711-2720-99] (2005.04.06) - backdoor trojan that that allows remote access to the compromised computer, opens ports 1906/tcp and 1907/tcp for remote access.
Backdoor.Win32.Verify.h / Unauthenticated Remote Command Execution - the malware listens on TCP ports 1906 and 1907. Third-party adversaries who can reach an infected host on either port can gain access and or run any OS command.
References: [MVID-2022-0538] |
| 1908 |
udp |
applications |
not scanned |
Monopoly Tycoon, developer: Deep Red |
| 1911 |
tcp |
trojan |
Premium scan |
Arctic |
| 1912 |
udp |
applications |
not scanned |
Monopoly Tycoon, developer: Deep Red |
| 1914 |
udp |
applications |
not scanned |
Monopoly Tycoon, developer: Deep Red |
| 1917 |
tcp,udp |
noagent |
not scanned |
Netopia netOctopus network management |
| 1920 |
tcp,udp |
can-ferret |
not scanned |
IANA registered for: IBM Tivoli Directory Service - FERRET |
| 1921 |
tcp,udp |
applications |
not scanned |
Netopia netOctopus network management |
