× NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Start a New Discussion

Start a New Discussion

Orbi WiFi 7 RBE973
Reply

What is port 8443 for ?

Olivier421
Aspirant
Aspirant
‎2021-10-11 09:20 AM
‎2021-10-11 09:20 AM

What is port 8443 for ?

With firmware v12.0.13.8, i've noticed a new port in use, 8443/tcp .

My HTTPS is on 443.

 

The port 8443 accepts weak ciphers, such as SHA1 and is vulnerable to sweet32 (CVE of 2016 ...).

 

Browsing the URL directly on port 8443, a popup appears (i'm trying admin account). It works.

 

Then i see this message in red:

SyntaxError: JSON.parse: unexpected character at line 1 column 1 of the JSON data

 

 

I have other M4300 with older firmwares, and they do not show this vulnerability, not this 8443 port active.

 

Exporting config file , it does not mention this port number 8443

 

What is this for ?

How to remove it ?

 

Thanks.

 

Model: XSM4324S|M4300-12X12F - Stackable Managed Switch with 24x10G including 12x10GBASE-T and 12xSFP+ Layer 3
Message 1 of 5
0 Kudos
Reply
schumaku
Guru Guru
Guru
‎2021-10-11 10:39 AM
‎2021-10-11 10:39 AM

Re: What is port 8443 for ?

The M4300 series switch does host the REST API service using the https protocol on port 8443 afaik. @LaurentMa please.

Message 2 of 5
0 Kudos
Reply
LaurentMa
NETGEAR Expert
NETGEAR Expert
‎2021-10-12 03:07 AM
‎2021-10-12 03:07 AM

Re: What is port 8443 for ?

Thank you @schumaku 

 

@Olivier421 we have received your request here, at ProAVDesign@netgear.com and also your issue raised at our Tech Support. Be sure we are going to assess the matter as fast as possible.

 

We can report the progress in this thread, moving forward. Looking forward to a rapid resolution!

 

Regards,

Message 3 of 5
0 Kudos
Reply
NZ74
Aspirant
Aspirant
‎2022-02-23 11:27 AM
‎2022-02-23 11:27 AM

Re: What is port 8443 for ?

Is there a resolution to this problem? I'm seeing the same "64-bit block cipher 3DES vulnerable to the SWEET32 attack (CVE-2016-2183)" vulnerability on my M4300 for port 8443.

 

Can I disable a feature to resolve this?

Model: GSM4352PA|M4300-52G-PoE+ - 48x1G PoE+ Stackable Managed Switch with 2x10GBASE-T and 2xSFP+ (550W PSU)
Message 4 of 5
0 Kudos
Reply
Olivier421
Aspirant
Aspirant
‎2022-02-24 12:12 AM
‎2022-02-24 12:12 AM

Re: What is port 8443 for ?

Hello @NZ74 

 

i raised again a ticket to Netgear support shortly after seeing newest firmware 12.0.5.7 not fixing any vuln

https://kb.netgear.com/000064614/M4300-Firmware-Version-12-0-15-7

 

Netgear support responded me "the fix is being released in March."

I'll try it shortly after being released and will respond back here, hopefully with good news.

Message 5 of 5
0 Kudos
Reply
Top Contributors
See All
Discussion stats
  • 4 replies
  • ‎2021-10-11 09:20 AM
  • 2717 views
  • 0 kudos
  • 4 in conversation
Announcements