Have Pepwave Max Pro 5G - Failed PCI compliance scan due to port 60500 open with dangerous scripts

I can’t figure this out. The IP scan that the PCI Compliance guys ran revealed a vulnerability. On our public IP there is a remote login page of some kind showing up at https://xxx.xxx.xxx.xxx:6500 where the xx’s are our public facing IP address.

If you go to that address there is a page with this login request:

I have InControl turned off and Remote Admin turned off. I went through every other setting in the router looking for something that could be creating this login. I tried my router admin password and it does not work there.

I also power off my router and tried to pull up the page from an external computer and this page goes away when my router is powered off.

Any suggestions?

Have you tried writing a deny rule in the local services section of the firewall page?

1 Like

Could you tell us:

  1. What FW version are you using?
  2. Is it port 60500 or 6500?

You (we) probably need an authoritative response from Peplink on this one.


Latest firmware. I’m not in front of it now so I don’t remember the number. The port is 60500. Sorry for typo.

Every login to the router should be noted in the Event Log. When this appears, try to login and see if anything shows up in the Event Log.

Make sure it is your router that are talking to. On the support.cgi page create a yellow stripe across the top of the login page. The field is called Login Banner Support.

Bad guess: remote assistance?

1 Like

Hello @Ryan_McQueeney ,
We have done penetration testing on several of our public-facing Peplink routers, and neither the port numbers 60500 nor 6500 show as open at any of the multiple sites we checked.
Is it possible that something between you and your router is doing a port translation?
Happy to Help,
Marcus :slight_smile:

Hi @Michael234 Well, it would if it was configured to do so. But some log-ions, e.g., with RA on are not shown at all. Like @mldowling , we checked several different devices and did not find that port to be open. Maybe @TK_Liew or @WeiMing could shed some light on this?

1 Like

As stated in:
Firmware 8.1.2 User Manual > Appendix E. Overview of ports used by Peplink SD-WAN routers and other Peplink services (page 324)


TCP: 6500 and TCP:60500 aren’t any default services from the router.

Probably, @Ryan_McQueeney could submit a ticket for the team to investigate?

1 Like

Port translation is an excellent guess.

If it is something in the Internet rather than in the router, you could try a VPN. It may be that starting from a different public IP might produce a different result.

Better yet, if possible, take the suspect device offline, connect its WAN to a LAN port of another router and then try to get at WAN port from a device sharing the same LAN. Probably a big pain, but it does insure that the issue is with the router rather than the public Internet.

I may have been wrong. I thought the page was no longer available when I shut down my router or otherwise had it offline but now after more testing it seems the page is available even when my router is down.

I was so keyed in on this as coming from my router because it is a Peplink branded page but
I get my IP address from my landlord and now I’m wondering if they have a Peplink router.


Hello Ryan,
Why not ask them? Maybe you can help your Landlord secure their router.
Here are some guides on Minimum cyber security settings we recommend with Peplink

Out of interest, what was the IP address shown on your WAN connection, is it actually a Private IP as defined in RFC 1918 ?

Happy to Help,
Marcus :slight_smile:

1 Like