logo

Port 161 – SNMP (Simple Network Management Protocol)

Service:

snmpd ,
AgentX

Protocol:

UDP

Port:

161

Used for:

Monitoring and managing network devices

Why It’s Open

SNMP allows administrators to monitor metrics, modify settings, and manage devices remotely — widely used in routers, switches, servers.

Common Risks

  • Default Community Strings: public and private are often unchanged.
  • Info Disclosure: Device names, interfaces, routing tables, etc.
  • Write Access: Can reconfigure or disable systems if RW access is open.

Want to save time on reporting?

Let PentestPad generate, track, and export your reports - automatically.

logo-cta

Enumeration & Testing

Nmap check

Terminal window
nmap -sU -p 161 --script=snmp-info


snmpwalk -v2c -c public

What to Look For

CheckpointWhat it means
public/privateDefault, easily guessable strings
Version 1/2cNo encryption, insecure
Write access enabledSerious security risk

Known Exploits

  1. CVE-2002-0012 Buffer overflow in SNMP implementations allows remote attackers to execute arbitrary code via crafted SNMP packets 🔗NVD Entry

  2. CVE-2012-6096 Net-SNMP before 5.7.2 has a vulnerability in the snmp_pdu_parse function, leading to denial of service. 🔗 NVD Entry

Mitigation

  • Use SNMPv3 with authentication and encryption.
  • Change default community strings.
  • Restrict SNMP access to trusted IPs.

Real-World Example

Misconfigured SNMP devices exposed on the internet have leaked sensitive infrastructure data, and been abused in DDoS reflection attacks.

TL;DR

  • Service: SNMP (Monitoring & Management)
  • Default Port: 161/UDP
  • Risks: Information disclosure, unauthorized access
  • Mitigation: Use strong community strings, restrict access, disable if unused