
Vulnerable Ports

This list (a very small part of our SG Ports database) includes TCP/UDP ports currently tested by our Security Scanner, and corresponding potential security threats. We update the list on a regular basis; however, if you feel we should add other port(s) to the list or modify their descriptions, please let us know. Any feedback and suggestions can also be posted to our Security forum.

Port(s) Protocol Service Scan level Description
 10094 tcp,udp games not scanned Football Manager 2005
 10099 tcp trojans Premium scan W32.Mytob.FX@mm [Symantec-2005-062313-5401-99] - mass-mailing worm that opens a backdoor and listens for remote commands on port 36311/tcp, also runs an FTP server on port 10099/tcp.
 10100 tcp,udp trojans not scanned Backdoor.Ranky.O [Symantec-2004-122417-2948-99], Control Total, GiFt trojan, Scalper, Slapper

Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which the Device-status service listens on port 10100/UDP by default. The service accepts unverified UDP packets and deserializes their content, which could allow an unauthenticated attacker to remotely execute arbitrary code.
References: [CVE-2023-1133]
 10101 tcp trojan Premium scan BrainSpy trojan
 10102 tcp backdoor Premium scan Backdoor.Staprew.B [Symantec-2005-050215-0935-99] (2005.05.02) - backdoor program, contacts the lowesapr.net domain on port 10102/tcp with the IP of the compromised computer and the number of the backdoor's random TCP port.

Backdoor.Urat [Symantec-2003-063013-1558-99] (2003.06.30) - allows unauthorized access to an infected computer. This Trojan Horse opens port 10102 to communicate with the attacker.

Port is also IANA registered for eZproxy
 10102 udp playfi not scanned Play-Fi from DTS may broadcast on port 10102/UDP to discover speakers/devices.
 10103 tcp trojan Premium scan Backdoor.Tuimer [Symantec-2005-031715-1256-99]
 10104 udp trojans not scanned Backdoor.Lowtaper [Symantec-2004-101411-3637-99] - remote access trojan, affects Windows, uses ports 24681/tcp and 10104/udp
 10109 tcp vmware not scanned VMware vSphere vCenter Inventory Service Service Management
 10110 tcp,udp nmea-0183 not scanned Backdoor.Win32.Prexot.a / Authentication Bypass - the malware listens on random high TCP ports, e.g. 11404, 19545, 17001, 10110. Third-party attackers who can reach an infected system can log on using any username/password combination.
References: [MVID-2022-0484]

Backdoor.Win32.Prexot.a / Port Bounce Scan (MITM) - the malware listens on random high TCP ports, e.g. 11404, 19545, 17001, 10110, and accepts any credentials. Third-party intruders who successfully log on can abuse the backdoor FTP server as a man-in-the-middle machine, allowing PORT command bounce scan attacks using Nmap. This vulnerability allows remote attackers to abuse the infected system and discreetly conduct network port scanning. Victims will then see these scans as originating from the infected system running the malware's FTP server rather than from the actual attacker.
References: [MVID-2022-0485]

NMEA-0183 Navigational Data (IANA official)
 10111 udp nmea-onenet not scanned NMEA OneNet multicast messaging [National Marine Electronics Association] (IANA official)
 10111 tcp vmware not scanned VMware vSphere vCenter Inventory Service Linked Mode Communication
 10113 tcp,udp netiq-endpoint not scanned NetIQ Endpoint (IANA official)
 10114 tcp,udp netiq-qcheck not scanned NetIQ Qcheck (IANA official)
 10115 tcp,udp netiq-endpt not scanned NetIQ Endpoint (IANA official)
 10116 tcp,udp netiq-voipa not scanned NetIQ VoIP Assessor (IANA official)
 10117 tcp,udp iqrm not scanned NetIQ IQCResource Managament Svc (IANA official)
 10123 tcp sccm not scanned SCCM (System Center Configuration Manager) Microsoft software management suite uses port 10123 for client notifications
 10128 tcp applications not scanned Stack-based buffer overflow in bgs_sdservice.exe in BMC Patrol PerformAgent allows remote attackers to execute arbitrary code by connecting to TCP port 10128 and sending certain XDR data, which is not properly parsed.
References: [CVE-2007-2136], [BID-23557]

Port is also IANA registered for BMC-Perform-Service Daemon
 10129 tcp bmc-gms not scanned BMC General Manager Server
 10137 udp applications not scanned Avaya WinPDM is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the MwpCsi.exe service. By sending an overly long string to UDP port 10137, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
References: [XFDB-67604] [BID-47947]
 10138 udp applications not scanned Avaya WinPDM is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by PMServer.exe service. By sending an overly long string to UDP port 10138, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
References: [XFDB-67605], [BID-47947]
 10155 tcp rsync not scanned Plesk rsync custom migrator service for misc tasks (Windows only) uses port 10155/tcp
 10156 tcp rsync not scanned Plesk rsync server migration (Windows only) uses port 10156/tcp
 10161 tcp snmptls not scanned SNMP-TLS [RFC 6353] (IANA official)
 10161 udp snmpdtls not scanned SNMP-DTLS [RFC 6353] (IANA official)
 10167 udp trojans not scanned Portal of Doom (coded in Visual Basic, 03.1999) is a popular remote access trojan that uses ports 3700/tcp, 9872-9875/tcp, 10067/udp, 10167/udp.
 10168 tcp trojans Premium scan W32.HLLW.Lovgate [Symantec-2003-021916-4352-99] - a worm with backdoor trojan capabilities. Affects all current Windows versions.
 10172 tcp applications not scanned Intuit Quickbooks client
 10194 tcp twilio not scanned Twilio Client WebRTC uses port 10194 TCP for signaling to chunderm.gll.twilio.com

 10196 udp games not scanned Tom Clancy's Splinter Cell: Conviction, developer: Ubisoft Montreal
 10200 tcp,udp trisoap not scanned NetFone, FRISK Software International's fpscand virus scanning daemon for Unix platforms (TCP)

A flaw exists in Trading Technologies Messaging 7.1.28.3 (ttmd.exe) due to improper validation of user-supplied data when processing a type 8 message sent to default TCP RequestPort 10200. An unauthenticated, remote attacker can exploit this issue, via a specially crafted message, to terminate ttmd.exe.
References: [CVE-2020-5778], [CVE-2020-5779]

Trigence AE Soap Service (IANA official)
 10201 tcp rsms not scanned Remote Server Management Service, FRISK Software International's f-protd virus scanning daemon for Unix platforms
 10201 udp rscs not scanned Remote Server Control and Test Service (IANA official)
 10212 tcp applications not scanned Multiple buffer overflows in CimWebServer.exe in the WebView component in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY before 8.0 SIM 27, 8.1 before SIM 25, and 8.2 before SIM 19, and Proficy Process Systems with CIMPLICITY, allow remote attackers to execute arbitrary code via crafted data in packets to TCP port 10212, aka ZDI-CAN-1621 and ZDI-CAN-1624.
References: [CVE-2013-2785]

Directory traversal vulnerability in CimWebServer.exe (aka the WebView component) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 24, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary code via a crafted message to TCP port 10212, aka ZDI-CAN-1623.
References: [CVE-2014-0751], [BID-65117]
 10241 tcp games not scanned Aion
 10243 tcp,udp wmp not scanned Windows Media Player Network Sharing Service
 10250 tcp,udp applications not scanned The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port 10255, and the authenticated HTTPS API typically served on port 10250.
References: [CVE-2020-8551]

A flaw was found in the OpenShift Installer before version v0.9.0-master.0.20210125200451-95101da940b0. During installation of OpenShift Container Platform 4 clusters, bootstrap nodes are provisioned with anonymous authentication enabled on kubelet port 10250. A remote attacker able to reach this port during installation can make unauthenticated `/exec` requests to execute arbitrary commands within running containers. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
References: [CVE-2021-20198]
 10253 udp eapol-relay not scanned Relay of EAPOL frames (IANA official)
 10255 tcp,udp applications not scanned The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port 10255, and the authenticated HTTPS API typically served on port 10250.
References: [CVE-2020-8551]
 10261 tcp tile-ml not scanned IANA registered for: Tile remote machine learning
 10301 tcp applications not scanned VoiceIP-ACS UMP default device provisioning endpoint
 10302 tcp applications not scanned VoiceIP-ACS UMP default device provisioning endpoint (SSL)
 10308 tcp,udp applications not scanned Lock On
DCS Black Shark
Digital Combat Simulator Dedicated Server
 10426 tcp applications not scanned Backdoor.Win32.Agent.cu / Authentication Bypass RCE - the malware listens on TCP ports 10426, 56185. Third-party attackers who can reach infected systems can log on using any username/password combination. Intruders may then upload executables using the FTP PASV and STOR commands; this can result in remote code execution.
References: [MVID-2021-0303]
 10439 udp bngsync not scanned BalanceNG session table synchronization protocol - a Software IP Load Balancing Solution utilising its own network stacks and functionality. [Inlab_Software_GmbH] (IANA official)
 10443 tcp,udp dogtag Premium scan Commonly used as an alternate SSL port.

VMware vSphere vCenter Inventory Service HTTPS
Fortinet SSL VPN default alternate port
Dogtag Certificate System authority uses port 9080 (ca) and port 9443 (secure ca) by default.
Dogtag Certificate PKI Subsystems may also use:
DRM - ports 10080 (drm) and 10443 (drm secure)
OCSP - ports 11080 (ocsp) and 11443 (ocsp secure)
RA - ports 12888 (ra) and 12889 (ra secure)
TKS - ports 13080 (tks) and 13443 (tks secure)
TPS - ports 7888 (tps) and 7889 (tps secure)

IANA registered for: CirrosSP Workstation Communication (TCP)
 10468 udp applications not scanned Flyer - discovery protocol
 10480 udp games not scanned Swat 4
 10481 udp games not scanned Swat 4
 10482 udp games not scanned Swat 4
 10483 udp games not scanned Swat 4
 10498 udp trojan not scanned Mstream trojan
DDOS Communication also uses this port
 10500 udp hip-nat-t not scanned HIP NAT-Traversal [RFC 5770] (IANA official)
 10500 tcp worm Premium scan Dark Age of Camelot game uses TCP ports 1280, 10500, 10622 and a dynamic UDP port (1024-65535 range)

W32.Linkbot.H [Symantec-2005-011210-3257-99] (2005.01.12) - a worm that exploits the Microsoft Windows LSASS Buffer Overrun Vulnerability (Microsoft Security Bulletin [MS04-011]) in order to propagate. It also creates a back door on the system accessible through IRC.
 10514 udp applications not scanned A vulnerability has been reported in WinSyslog, which can be exploited to cause a DoS (Denial of Service) on a vulnerable syslog server.

The vulnerability is caused due to an error when the interactive syslog server receives and displays syslog events. This can be exploited by sending UDP datagrams containing arbitrary, overly large amounts of data to the interactive server (default port 10514/udp), which will cause it to freeze and halt the OS.
References: [SECUNIA-10004]
 10520 tcp trojan Premium scan Acid Shivers trojan
 10528 tcp trojan Premium scan Host Control trojan
 10529 tcp,udp applications not scanned Buzz 3D VideoChat
 10532 udp games not scanned Commandos 3: Destination Berlin
 10548 tcp serverdocs not scanned Apple Document Sharing (IANA official)
 10554 tcp applications not scanned On Wireless IP Camera (P2P) WIFICAM devices, an attacker can use the RTSP server on port 10554/tcp to watch the streaming without authentication via tcp/av0_1 or tcp/av0_0.
References: [CVE-2017-8223], [XFDB-125410]
 10578 tcp games not scanned Skyrim Together multiplayer server for The Elder Scrolls V: Skyrim mod.
 10600 tcp,udp applications not scanned OpenWengo
 10602 tcp,udp applications not scanned OpenWengo
 10607 tcp trojan Premium scan Coma trojan
 10616 tcp applications not scanned Stack-based buffer overflow in eIQNetworks Enterprise Security Analyzer (ESA) 2.5 allows remote attackers to execute arbitrary code via certain data on TCP port 10616 that results in a long argument to the SEARCHREPORT command.
References: [CVE-2007-5699], [BID-26189]
 10618 tcp applications not scanned The DataCollector service in EIQ Networks Network Security Analyzer allows remote attackers to cause a denial of service (service crash) via a &CONNECTSERVER&, &ADDENTRY&, &FIN&, &START&, &LOGPATH&, &FWADELTA&, &FWALOG&, &SETSYNCHRONOUS&, &SETPRGFILE& or &SETREPLYPORT& string to TCP port 10618, which triggers a NULL pointer dereference.
References: [CVE-2007-0228], [BID-21994]
 10622 tcp games Premium scan Dark Age of Camelot game uses TCP ports 1280, 10500, 10622 and a dynamic UDP port (1024-65535 range)
 10631 tcp printopia not scanned Port to allow for administration and control of "Printopia" application software, which provides printing services to mobile users [Ecamm Network LLC] (IANA official)
 10651 tcp applications not scanned TCPUploadServer.exe in Progea Movicon 11.2 before Build 1084 does not require authentication for critical functions, which allows remote attackers to obtain sensitive information, delete files, execute arbitrary programs, or cause a denial of service (crash) via a crafted packet to TCP port 10651.
References: [CVE-2011-2963], [BID-46907]

The TCPUploader module in Progea Movicon 11.4 before 11.4.1150 allows remote attackers to obtain potentially sensitive version information via network traffic to TCP port 10651.
References: [CVE-2014-0778], [XFDB-92615]
 10666 udp trojan not scanned Zandronum game servers use port 10666 TCP/UDP for games like multiplayer Doom.

Malware using this port: Ambush trojan, Roxrat backdoor
 10700 tcp,udp applications not scanned KDX Server
 10752 tcp backdoor Members scan Backdoor. One of the many Linux mountd (port 635) exploits installs its backdoor at this port. Origin??? 10751 = 0x2a00, where 0x2a = 42 (proposed by Darren Reed)
The bx.c IRC exploit puts a root shell backdoor listening at this port.
The ADM named v3 attack puts a shell at this port.
 10777 applications not scanned Unreal Tournament 2003 (ut2003) clients and servers allow remote attackers to cause a denial of service via malformed messages containing a small number of characters to UDP ports 7778 or 10777.
References: [CVE-2002-1507]
 10800 tcp,udp gap not scanned Touhou fight games (Immaterial and Missing Power, Scarlet Weather Rhapsody, Hisoutensoku, Hopeless Masquerade and Urban Legend in Limbo) (TCP)

IANA registered for: Gestor de Acaparamiento para Pocket PCs
 10809 tcp nbd not scanned Linux Network Block Device
 10810 udp nmc-disc not scanned Nuance Mobile Care Discovery
 10823 tcp,udp applications not scanned Farming-Simulator
 10836 tcp applications not scanned configurable-world-domination-game multiplayer server
 10860 tcp,udp helix not scanned Helix Client/Server
 10880 tcp,udp bveapi not scanned BVEssentials HTTP API [Tri_Tech_Computers_Ltd] (IANA official)
 10887 tcp trojan Premium scan BDDT trojan
 10888 tcp trojans Premium scan Trojan.Webus.C [Symantec-2004-101212-0903-99] (2004.10.12) - remote access trojan. Affects all current Windows versions. Connects to an IRC server (on port 8080) and opens a backdoor on TCP port 10888 or 1080.
 10889 tcp trojan Premium scan BDDT trojan
 10891 tcp applications not scanned Jungle Disk (this port is opened by the Jungle Disk Monitor service on the localhost)
 10933 tcp octopustentacle not scanned Octopus Deploy Tentacle deployment agent (IANA official)
 10975 tcp,udp games not scanned TOCA Race Driver 2
 11000 tcp,udp applications Premium scan Port used by Cisco Border Gateway Protocol, Microsoft Visual Studio, .Net Framework, SCInterface, Video Insight Health Monitor.

Games using this port: EverQuest Online Adventures, The Matrix Online, The Matrix Online (TCP), Archlord, Subnautica multiplayer mod Nitrox

Malware using this port: Senna Spy Trojan Generator, DataRape
 11001 tcp,udp metasys not scanned Metasys (IANA official)
 11002 tcp,udp games not scanned Archlord, developer: NHN Games Corporation
 11008 tcp,udp games not scanned Archlord, developer: NHN Games Corporation
 11010 tcp applications not scanned mySCADA myPRO 7 allows remote attackers to discover all ProjectIDs in a project by sending all of the prj parameter values from 870000 to 875000 in t=0&rq=0 requests to TCP port 11010.
References: [CVE-2018-11517]
 11011 tcp trojan Premium scan Amanda trojan
 11031 tcp,udp games not scanned Heroes of Newerth
 11050 tcp trojan Premium scan Host Control trojan
 11051 tcp trojan Premium scan Host Control trojan
 11080 tcp,udp dogtag not scanned Dogtag Certificate System authority uses port 9080 (ca) and port 9443 (secure ca) by default.
Dogtag Certificate PKI Subsystems may also use:
DRM - ports 10080 (drm) and 10443 (drm secure)
OCSP - ports 11080 (ocsp) and 11443 (ocsp secure)
RA - ports 12888 (ra) and 12889 (ra secure)
TKS - ports 13080 (tks) and 13443 (tks secure)
TPS - ports 7888 (tps) and 7889 (tps secure)
 11092 tcp malware not scanned Backdoor.Win32.Agent.ggw / Authentication Bypass - the malware runs a built-in FTP server listening on one of several random TCP ports like 32335, 27227, 27942, 14223, 14988, 11092. Third-party attackers who can reach the server and who know or guess the port can "logon" using any USER/PASS combination or provide no credentials at all.
References: [MVID-2021-0193]
 11095 udp weave not scanned device-to-service application protocol [Nest_Labs_Inc] (IANA official)

Vulnerabilities listed: 100 (some use multiple ports)