speedguide.net  

Port 2121 Details


known port assignments and vulnerabilities
threat/application/port search:
 search
Port(s) Protocol Service Details Source
2121 tcp,udp scientia-ssdb FTP proxy uses port 2121 (TCP).

A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials.
References: [CVE-2018-11311], [EDB-44656]

Backdoor.Win32.Burbul.b / Anonymous Logon - backdoor Burbul.b listens on TCP port 2121 allowing anonymous logon credentials to access the infected host E.g. USER anonymous PASS anonymous.
References: [MVID-2021-0093]

Worm.Win32.Busan.k / Insecure Communication Protocol - Busan.k launches a windows cmd console on the infected host so that it can send and receive messages back and forth over TCP port 2121. The worm uses unencrypted plaintext socket communication allowing anyone who can sniff network traffic to read any communications sent or retrieved. This can disclose sensitive information to third-party well positioned attackers.
References: [MVID-2021-0185]

Backdoor.Win32.Hupigon.aejq / Port Bounce Scan - the malware listens on TCP port 2121, its FTP component accepts any username/password credentials. Third-party attackers who successfully logon can abuse the backdoor FTP server as a man-in-the-middle machine allowing PORT Command bounce scan attacks using Nmap. This vulnerability allows remote attackers to abuse your system and discreetly conduct network port scanning. Victims will then think these scans are
originating from the infected system running the afflicted malware FTP Server and not you.
References: [MVID-2021-0330]

Backdoor.Win32.Hupigon.aejq / Authentication Bypass RCE - the malware runs an FTP server on TCP port 2121. Third-party attackers who can reach infected systems can logon using any username/password combination. Intruders may then upload executables using ftp PASV, STOR commands, this can result in remote code execution.
References: [MVID-2021-0329]

Backdoor.Win32.Prorat.lkt / Weak Hardcoded Password - the ProSpy Server V1.9 malware runs an FTP component that listens on TCP port 2121. The FTP server requires authentication for remote user access. However, the username and password both use the word "special" which is both weak and hardcoded in plaintext within the executable.
References: [MVID-2021-0360]

Backdoor.Win32.Agent.Amt / Authentication Bypass - The malware can run an FTP server which listens on TCP port 2121. Third-party attackers who can reach infected systems can logon using any username/password combination. Intruders can then upload executables using ftp PASV, STOR commands, this can result in remote code execution.
References: [MVID-2024-0673]

SCIENTIA-SSDB (IANA official)		 SG
2121 tcp ccproxy-ftp CCProxy FTP Proxy Nmap
2121 tcp,udp scientia-ssdb SCIENTIA-SSDB IANA
3 records found
News Glossary of Terms FAQs Polls Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
Broadband Routers Wireless Firewalls / VPNs Software Hardware User Reviews
Broadband Security Editorials General User Articles Quick Reference
Broadband Forums General Discussions
Advertising Awards Link to us Server Statistics Helping SG About