logo

Port 541 – UUCP-RLOGIN (FortiGate/UUnet Pipe)

Service:

uucp-rlogin

Protocol:

TCP

Port:

541

Used for:

FortiGate management and UUCP remote login

Why It’s Open

Port 541 is used by uucp-rlogin, a legacy Unix-to-Unix Copy Program (UUCP) remote login service, and sometimes for Fortinet FortiGate management. This service provides remote shell access and file transfer capabilities between Unix systems. It’s rarely used in modern environments but may still be found on older Unix/Linux systems or industrial control systems.

Common Risks

  • Unencrypted communications
    All data including credentials transmitted in plaintext
  • Weak authentication
    Relies on host-based trust relationships and simple passwords
  • Remote code execution
    Authenticated users can execute arbitrary commands
  • Legacy vulnerabilities
    Old implementations contain numerous security flaws
  • Privilege escalation
    Service may run with elevated privileges
  • Information disclosure
    Service may reveal system information and user accounts
  • Denial of service
    Resource exhaustion through connection flooding

Want to save time on reporting?

Let PentestPad generate, track, and export your reports - automatically.

logo-cta

Enumeration & Testing

Service Detection:

Terminal window
nmap -sV -p 541
Terminal window
nc  541

UUCP Service Testing:

Terminal window
echo -e "Uucp\nquit" | nc  541 telnet  541

What to Look For

CheckpointWhat it means
Service type identificationDetermine if UUCP-RLOGIN, FortiGate, or other service
Authentication mechanismsCheck for weak or default credentials
Encryption statusVerify if communications are encrypted
Legacy vulnerabilitiesCheck for known UUCP/rlogin exploits
Access controlsTest privilege levels and command execution

Mitigation

  • Disable legacy services
    Remove UUCP and rlogin if not required
  • Use secure alternatives
    Replace with SSH, SFTP, or secure management protocols
  • Network segmentation
    Isolate systems requiring legacy protocols
  • Strong authentication
    Implement multi-factor authentication for FortiGate management
  • Encrypt communications
    Use VPN or encrypted tunnels for remote access
  • Monitor access logs
    Log all authentication attempts and system access
  • Firewall restrictions
    Block port 541 from untrusted networks

TL;DR

  • Port 541 = UUCP-RLOGIN/FortiGate management service
  • Protocol: TCP
  • Used for: FortiGate management and UUCP remote login
  • Security focus: Legacy protocol vulnerabilities and default credential risks

Known CVEs and Exploits

  • CVE‑2022‑40684 – FortiGate authentication bypass vulnerability
  • CVE‑2023‑27997 – FortiGate SSL-VPN heap-based buffer overflow
  • UUCP rlogin vulnerabilities – Historical authentication bypass in legacy UNIX implementations
  • Morris Worm exploitation – 1988 worm utilized rlogin vulnerabilities for propagation