NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Netgear Prosafe FVS336Gv3 Leaving Telnet port 23 open
I am running a PCI Compliance vulnerability check on my network, and I am being flagged for having port 23 Telnet open. I have read that this is closed by default so I'm not sure why it is appearing....
Thanks for the response! This is the exact response I got from the PCI Scanner:
For additional information please scroll down. We have denied this dispute based upon manual investigation of this finding. Manual investigation appears to show plaintext logins are possible on this system:
$ telnet 50.xxx.xxx.221 23
Trying 50.xxx.xxx.221...
Connected to 50.xxx.xxx.221.
Escape character is '^]'.
(none) login: Anonymous
Password:
But you were running the scanner on a computer behind the router, correct? Connected to the LAN ports...
The scanner is run by a company outside our local network. I even run tests from port scanning sites, all telling me Telnet is open as well.
The scans are being run from outside the LAN. Showing Port 23 open
Hi mariol66,
Welcome to the community!
Would you mind sending to me via pm your WAN IP and the configuration file of the firewall? You may also try upgrading first the firmware to the latest version and see if that would help.
Regards,
Hi mariol66,
I checked the port 23 to your network and it is showing that it is online/reachable. For now, you may change the default password of your firewall to avoid security risk. Then please try to login to the firewall via console. We may need to disable the telnet from the CLI of the firewall. Just in case that it is not possible to access it via CLI. Please save/backup a configuration file then reset the firewall to factory default as telnet management is disabled by default.
Here is the CLI manual from SRX5308 but it has the same configuration for the device that you have(page 188).
Regards,
I've never used the CLI interface of a Netgear router prior. What commands do I need to run, and what Windows utility do I need to use to achieve this?
You may need a serial cable in order to do this. You may turn on the telnet on your windows pc or you may download a putty application. Please try resetting first the firewall to factory default let's see if port 23 will still be open right after that.
For putty application, Select Telnet then input the IP Address of the firewall. Just login using your credentials for admin user and please follow the instructions on the CLI manual(page 188).
Regards,
Hi,
I entered the commands as shows in the manual, but when I enable_ipv4 N and enable_ipv6 N and save and exit, the port still appears open. And I can log right back in from Terminal
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
