Nice catch. I'm not sure the application in question is /usr/local/bin/upnp_nas_device, as deleting it doesn't close the hole. Stopping apache doesn't close the hole either.
49152 is the first dynamic port, so google isn't going to tell me what's likely to be running on it. Removed startup script for upnp_device and it doesn't seem to have broken anything, but the hole remains open.
No further ideas
edit: Well, that was thick. The port is closed, but iceweasel kept the file in cache, and consequently I didn't notice when it shut. I think that the following will close this hole, but I'd appreciate someone checking as I spent a while playing with nmap and changing services before remembering cache exists.
mv /usr/local/bin/upnp_nas_device /root/ #move the offending file to /root
mv /etc/init.d/upnp_nas /root/ #move the offending startup script to /root
update-rc.d upnp_nas remove #kill all references to the script
So, does anyone know what the binary was supposed to be doing? Mediatomb has survived this abuse, as has samba.
Edit: I started a new thread on the WD community forums. Link. In case it goes the way of the previous one,
That IS the DLNA interface. And that's a MAJOR bug.