Netcore/Netis Router Vulnerability Scan Report

LAST UPDATED: 2022-08-29

This report identifies hosts that are running a vulnerable or backdoored Netis Router with service open (port 53413/udp) and accessible from the Internet.

A writeup regarding the issue by Trend Micro can be found here. In short — if any of these devices are on your network, you most likely want to replace them.

For more details behind the scan methodology and a daily update of global Netis scan statistics please visit our dedicated Netis scan page.

For more information on our scanning efforts, check out our Internet scanning summary page.

 

Filenames: scan_netis_router

Fields

  • timestamp
    Time that the IP was probed in UTC+0
  • ip
    The IP address of the device in question
  • port
    Port that the Netis router response came from
  • hostname
    Reverse DNS name of the device in question
  • tag
    Tag describing the type of issue — always 'netis_vulnerability'
  • response
    Response received from the device in question — always 'Login:'
  • asn
    ASN of where the device in question resides
  • geo
    Country where the device in question resides
  • region
    State / Province / Administrative region where the device in question resides
  • city
    City in which the device in question resides
  • response_size
    Response size in bytes
  • amplification
    Amplification factor (This amplification is is based solely on the payload size sent and payload size received)

Sample

"timestamp","ip","port","hostname","tag","response","asn","geo","region","city","naics","sic","sector","response_size","amplification"
"2010-02-10 00:00:00",192.168.0.1,53413,node01.example.com,netis_vulnerability,Login:,64512,ZZ,Region,City,0,0,,18,18.00
"2010-02-10 00:00:01",192.168.0.2,53413,node02.example.com,netis_vulnerability,Login:,64512,ZZ,Region,City,0,0,,18,18.00
"2010-02-10 00:00:02",192.168.0.3,53413,node03.example.com,netis_vulnerability,Login:,64512,ZZ,Region,City,0,0,,18,18.00

Our 130 Report Types