Port 2929 is registered with IANA under two names: amx-webadmin and panja-webadmin. Both refer to the same thing — the web administration interface for AMX NetLinx integrated controllers, professional audio/video control systems that manage the switching, routing, and automation of AV equipment in conference rooms, auditoriums, and large venues.1
"Panja" is the older name. AMX changed their company name to Panja in the late 1990s, then changed it back to AMX, which was later acquired by Harman (now part of Samsung). The dual registration is a fossil of that naming history, preserved in the IANA registry.2
What the Port Does
AMX NetLinx controllers are the brains behind professional AV systems — the hardware that coordinates projectors, displays, speakers, video switchers, and room control panels. The WebConsole on port 2929 provides a browser-based interface for administrators to configure, monitor, and program these controllers without running dedicated software.
In practice, this port lives in closed enterprise networks. The AV integrator sets it up, the facility manager occasionally uses it, and most IT departments barely know it exists. It has no RFC. It was registered by AMX directly with IANA.
The Range This Port Lives In
Port 2929 falls in the registered port range (1024–49151). These ports are assigned by IANA to specific services upon application, but they carry no special enforcement — any application can bind to any port in this range. Registration is a name, not a lock.3
The registered range sits between the well-known ports (0–1023, reserved for foundational Internet services) and the ephemeral ports (49152–65535, used by operating systems for temporary outbound connections). A registered port says: "this service has a home here." Whether anything actually lives there depends on what's installed on the machine.
Security History
Port 2929 has a security record worth knowing.
The Konik trojan used this port for communication. Konik is a backdoor trojan; if you see unexpected traffic on 2929, it belongs on your malware checklist alongside the legitimate AV explanation.4
CVE-2023-33294 is more alarming. KaiOS 3.0 — the operating system powering feature phones like the Nokia 2780 Flip — shipped with a binary called tctweb_server that opened a web server on port 2929. This server ran as root. It accepted arbitrary bash commands. And because it returned Access-Control-Allow-Origin: * with every response, every website and installed app on the device could reach it through the browser.
From any webpage, an attacker could read files, retrieve user data, modify system properties, or destroy the device entirely by triggering the kill switch. The server was removed in KaiOS 3.1.5
This is what happens when a test/debug tool ships in a production image. The port number was incidental — any port would have been dangerous. But 2929 is now in the CVE record.
Checking What's Listening
If you see port 2929 open on a machine, here's how to find out what's actually using it:
macOS / Linux:
Windows:
Network scanning (from another machine):
If the answer isn't AMX NetLinx or something you deliberately installed, treat it as suspicious.
Why Unassigned-Looking Ports Matter
Most registered ports exist in obscurity. They were registered by companies for internal tools, industrial systems, or long-discontinued software. The IANA registry contains thousands of entries like AMX-WEBADMIN — technically assigned, practically unknown to the majority of network engineers.
This matters for two reasons. First, security scanners and firewalls that only block "well-known" ports leave this entire middle range underexamined. Second, malware authors know this — an unfamiliar port number draws less scrutiny than port 80 or 443.
A port you don't recognize is a door you haven't thought about. That's worth thinking about.
Cette page vous a-t-elle été utile ?