The Scary TCP32764 backdoor

Posted on Apr 29, 2014

I won’t say too much about this backdoor, it basically happens on your router/gateway which accepts a TCP connection on port 32764 Eloi Vanderbeken @elvanderb found this vulnerability last year in December and even though Netgear and Dlink have stated it’s *patched* they actually just disabled it.

I’ve made a small .NET tool which checks to see if you actually are vulnerable to this backdoor the source code can be found on github.

Download:

TCP32764_Tool.zip TCP32764

Further reading and resources:

http://github.com/elvanderb/TCP-32764