Netcore/Netis Router Vulnerability Scan Report

LAST UPDATED: 2022-08-29

This report identifies hosts that are running a vulnerable or backdoored Netis Router with service open (port 53413/udp) and accessible from the Internet.

A writeup regarding the issue by Trend Micro can be found here. In short — if any of these devices are on your network, you most likely want to replace them.

For more details behind the scan methodology and a daily update of global Netis scan statistics please visit our dedicated Netis scan page.

For more information on our scanning efforts, check out our Internet scanning summary page.

Filenames: scan_netis_router

Fields

timestamp

Time that the IP was probed in UTC+0
ip

The IP address of the device in question
port

Port that the Netis router response came from
hostname

Reverse DNS name of the device in question
tag

Tag describing the type of issue — always 'netis_vulnerability'
response

Response received from the device in question — always 'Login:'
asn

ASN of where the device in question resides
geo

Country where the device in question resides
region

State / Province / Administrative region where the device in question resides
city

City in which the device in question resides
response_size

Response size in bytes
amplification

Amplification factor (This amplification is is based solely on the payload size sent and payload size received)

Sample

"timestamp","ip","port","hostname","tag","response","asn","geo","region","city","naics","sic","sector","response_size","amplification"
"2010-02-10 00:00:00",192.168.0.1,53413,node01.example.com,netis_vulnerability,Login:,64512,ZZ,Region,City,0,0,,18,18.00
"2010-02-10 00:00:01",192.168.0.2,53413,node02.example.com,netis_vulnerability,Login:,64512,ZZ,Region,City,0,0,,18,18.00
"2010-02-10 00:00:02",192.168.0.3,53413,node03.example.com,netis_vulnerability,Login:,64512,ZZ,Region,City,0,0,,18,18.00

Our 118 Report Types

« Back to Network Reporting