× NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Orbi WiFi 7 RBE973
Reply

What is port 8443 for ?

Olivier421
Aspirant

What is port 8443 for ?

With firmware v12.0.13.8, i've noticed a new port in use, 8443/tcp .

My HTTPS is on 443.

 

The port 8443 accepts weak ciphers, such as SHA1 and is vulnerable to sweet32 (CVE of 2016 ...).

 

Browsing the URL directly on port 8443, a popup appears (i'm trying admin account). It works.

 

Then i see this message in red:

SyntaxError: JSON.parse: unexpected character at line 1 column 1 of the JSON data

 

 

I have other M4300 with older firmwares, and they do not show this vulnerability, not this 8443 port active.

 

Exporting config file , it does not mention this port number 8443

 

What is this for ?

How to remove it ?

 

Thanks.

 

Model: XSM4324S|M4300-12X12F - Stackable Managed Switch with 24x10G including 12x10GBASE-T and 12xSFP+ Layer 3
Message 1 of 5
schumaku
Guru

Re: What is port 8443 for ?

The M4300 series switch does host the REST API service using the https protocol on port 8443 afaik. @LaurentMa please.

Message 2 of 5
LaurentMa
NETGEAR Expert

Re: What is port 8443 for ?

Thank you @schumaku 

 

@Olivier421 we have received your request here, at ProAVDesign@netgear.com and also your issue raised at our Tech Support. Be sure we are going to assess the matter as fast as possible.

 

We can report the progress in this thread, moving forward. Looking forward to a rapid resolution!

 

Regards,

Message 3 of 5
NZ74
Aspirant

Re: What is port 8443 for ?

Is there a resolution to this problem? I'm seeing the same "64-bit block cipher 3DES vulnerable to the SWEET32 attack (CVE-2016-2183)" vulnerability on my M4300 for port 8443.

 

Can I disable a feature to resolve this?

Model: GSM4352PA|M4300-52G-PoE+ - 48x1G PoE+ Stackable Managed Switch with 2x10GBASE-T and 2xSFP+ (550W PSU)
Message 4 of 5
Olivier421
Aspirant

Re: What is port 8443 for ?

Hello @NZ74 

 

i raised again a ticket to Netgear support shortly after seeing newest firmware 12.0.5.7 not fixing any vuln

https://kb.netgear.com/000064614/M4300-Firmware-Version-12-0-15-7

 

Netgear support responded me "the fix is being released in March."

I'll try it shortly after being released and will respond back here, hopefully with good news.

Message 5 of 5
Top Contributors
Discussion stats
  • 4 replies
  • 2379 views
  • 0 kudos
  • 4 in conversation
Announcements