
Security Scan Failed on Port 69 - UDP - TFTP Daemon

btm02sf asked on
I have a business customer who is using a DLink DIR-825 router. Due to the nature of their transaction, the customer needs to be PCI compliant, and is using Security Metrics (securitymetrics.com) to scan their internet port for vulnerabilities.

The security scan has failed for port 69 - UDP for TFTP. Below are the details from the scan result:

Description: TFTP Traversal Arbitrary File Access

Synopsis: The remote TFTP server can be used to read arbitrary files on the remote host

Impact: The TFTP (Trivial File Transfer Protocol) server running on the remote host is vulnerable to a directory traversal attack that allows an attacker to read arbitrary files on the remote host by prepending their names with directory traversal sequences.

Data Received: SecurityMetrics was able to access a system file via the TFTP server using each of the following requests: /etc/passwd ../../../../../../../../../../etc/passwd

Resolution: Disable the remote TFTP daemon, run it in a chrooted environment, or filter incoming traffic to this port.

Risk Factor: High / CVSS2 Base Score: 10.0

The router has the latest version of firmware/hardware. Last night I went into the advanced settings for the DLink router, clicked on Virtual Server, selected port 69 and UDP, and set Schedule = Never and Inbound Filter = Deny All.

Yet, the security scan has failed.

I am not sure what else I should change/configure on this router in order to disable the TFTP process. It is certainly not needed, so it can be terminated at any time.

Any ideas and assistance would be very much appreciated. Thank you.
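As an added example (not from the asker, D-Link or SecurityMetrics), the following Python detector parses TFTP read/write requests (RFC 1350 framing) and flags the two request shapes quoted in the scan report, so a packet capture on UDP/69 can be checked for traversal attempts after a fix is applied. The datagrams and source addresses below are constructed samples.

```python
import struct

# TFTP opcodes from RFC 1350
OP_RRQ, OP_WRQ, OP_DATA, OP_ACK, OP_ERROR = 1, 2, 3, 4, 5


def build_rrq(filename: str, mode: str = "octet") -> bytes:
    """Build a TFTP read request, used here only to construct sample datagrams."""
    return struct.pack("!H", OP_RRQ) + filename.encode() + b"\x00" + mode.encode() + b"\x00"


def parse_tftp_request(payload: bytes):
    """Return (opcode, filename, mode) for an RRQ/WRQ datagram, or None for anything else."""
    if len(payload) < 4:
        return None
    (opcode,) = struct.unpack("!H", payload[:2])
    if opcode not in (OP_RRQ, OP_WRQ):
        return None
    # Request body is: filename NUL mode NUL, so a valid split yields a trailing empty field.
    fields = payload[2:].split(b"\x00")
    if len(fields) < 3:
        return None
    filename = fields[0].decode("latin-1")
    mode = fields[1].decode("latin-1").lower()
    return opcode, filename, mode


def is_traversal_attempt(filename: str) -> bool:
    """Flag absolute paths and dot-dot segments; both shapes appear in the scan report."""
    normalized = filename.replace("\\", "/")
    if normalized.startswith("/"):
        return True
    return any(segment == ".." for segment in normalized.split("/"))


def audit_datagrams(datagrams):
    """Return (source, filename) for every request that looks like a traversal attempt."""
    hits = []
    for source, payload in datagrams:
        parsed = parse_tftp_request(payload)
        if parsed is not None and is_traversal_attempt(parsed[1]):
            hits.append((source, parsed[1]))
    return hits


# Constructed sample traffic: the two filenames quoted in the report, a benign request, and an ACK.
SAMPLE_DATAGRAMS = [
    ("203.0.113.10:41000", build_rrq("/etc/passwd")),
    ("203.0.113.10:41001", build_rrq("../../../../../../../../../../etc/passwd")),
    ("192.0.2.5:50000", build_rrq("firmware.bin")),
    ("192.0.2.6:50001", b"\x00\x04\x00\x01"),  # ACK block 1, not a request
]

if __name__ == "__main__":
    for source, filename in audit_datagrams(SAMPLE_DATAGRAMS):
        print(f"traversal attempt from {source}: {filename!r}")
```

If a capture taken after the router change still shows these requests reaching the device and getting DATA replies, the filter did not cover the router's own TFTP listener.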