Port 32400 – Plex Media Server

Service: plex

Protocol: TCP

Port: 32400

Used for: Stream media collections (movies, TV shows, music, photos) across devices

Why It’s Open

Port 32400 is commonly found open on systems running Plex Media Server, a popular service for streaming personal media libraries (movies, photos, music) across devices. This port allows external and internal clients (like phones, smart TVs, or web browsers) to connect to the Plex server for streaming and management.

Common Risks

Although Plex is widely used for personal media streaming, leaving port 32400 exposed—especially to the public internet—can result in:

🎯 Unauthorized Access

If improperly configured, attackers may access the Plex server or enumerate available media without authentication.

🔍 Information Disclosure

Misconfigured servers might leak metadata such as server name, library content, device info, or even IP addresses of connected clients.

🐞 Known Vulnerabilities

Exposed Plex servers running outdated software may be vulnerable to remote code execution, authentication bypass, or API abuse.

📡 Attack Surface Expansion

Exposing this port creates a potential entry point into your internal network, especially if UPnP or NAT-PMP is enabled.

Enumeration & Testing

Check if it’s open

nmap -sT -p 32400 <target-ip>

Access Web Interface

Open http://<target-ip>:32400/web in a browser to check if the Plex dashboard is publicly reachable.

📜 Enumerate with curl

curl http://<target-ip>:32400

Look for headers like X-Plex-Device, X-Plex-Version, or XML/JSON output that may reveal configuration details.

What to Look For

| Checkpoint | What It Means |
| --- | --- |
| Port 32400 open externally | Plex Media Server is accessible from the internet |
| No authentication required | Anyone can browse or interact with media content |
| Plex version leaked | Server reveals software version, aiding targeted attacks |
| Outdated Plex installation | May be vulnerable to known exploits |
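
The checkpoints above can be applied mechanically to a response saved from your own server. This is an added example, not code from the original page or from Plex: it assumes the response was captured with `curl -i` and no credentials, and the sample responses, XML attribute names and the 1.25.0 minimum version are constructed placeholders.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples of a response saved with `curl -i http://<target-ip>:32400`.
# Header values, XML attribute names and the version string are assumptions.
SAMPLE_OPEN = (
    "HTTP/1.1 200 OK\r\n"
    "X-Plex-Protocol: 1.0\r\n"
    "\r\n"
    '<MediaContainer friendlyName="livingroom" version="1.20.0.1234-abcdef0"/>'
)
SAMPLE_LOCKED = "HTTP/1.1 401 Unauthorized\r\nX-Plex-Protocol: 1.0\r\n\r\n"


def parse_version(text):
    """Turn '1.20.0.1234-abcdef0' into (1, 20, 0, 1234); None if unparsable."""
    m = re.match(r"\d+(?:\.\d+)+", text or "")
    return tuple(int(p) for p in m.group(0).split(".")) if m else None


def assess(raw, minimum):
    """Evaluate one raw HTTP response against the checkpoint table."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line, *header_lines = head.split("\r\n")
    status = int(status_line.split()[1])
    headers = {k.strip().lower(): v.strip()
               for k, _, v in (h.partition(":") for h in header_lines)}
    version, disclosed = headers.get("x-plex-version"), []
    # Skip bodies containing "<!" (DTD/entity declarations): ElementTree
    # expands internal entities, so such input is not parsed here.
    if body.lstrip().startswith("<") and "<!" not in body:
        try:
            root = ET.fromstring(body)
            version = version or root.get("version")
            disclosed = sorted(a for a in root.attrib if a != "version")
        except ET.ParseError:
            pass  # not XML (for example JSON or an HTML login page)
    parsed = parse_version(version)
    return {
        "unauthenticated": status == 200,   # content served without sign-in
        "version_leaked": version,          # None when nothing was revealed
        "outdated": parsed is not None and parsed < parse_version(minimum),
        "metadata_disclosed": disclosed,    # attribute names only
    }


if __name__ == "__main__":
    # "1.25.0" is a placeholder for the minimum release you require.
    for name, raw in (("open", SAMPLE_OPEN), ("locked", SAMPLE_LOCKED)):
        print(name, assess(raw, "1.25.0"))
```

Run it against responses captured from both inside and outside the network: a server that is locked down should yield no findings from the outside capture.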

Mitigation

🛡️ Restrict Port Access: Use firewall rules to block port 32400 from public IP ranges and only allow local or VPN access.

🔒 Enforce Secure Authentication: Require Plex account sign-in for all clients and disable “Guest” or anonymous access.

🔁 Keep Plex Up-to-Date: Regularly apply updates to the Plex Media Server to patch vulnerabilities.

🔧 Disable Remote Access: If you don’t need to stream outside your home network, disable remote access in Plex settings.

📛 Disable UPnP/NAT-PMP: Avoid auto-opening ports on your router, which can lead to unintended exposure.

Known CVEs and Exploits