Network-attached storage (NAS) devices provide a convenient and cost-effective way to store data and expand storage capacity. However, despite their convenience, these devices can also cause significant losses if they are compromised. Recently, researchers found critical vulnerabilities in the firmware of some of the leading NAS devices. These vulnerabilities could allow an attacker to perform remote attacks and execute commands.
Critical Firmware Vulnerabilities Found In NAS Devices
Reportedly, researchers from WizCase assessed some of the leading NAS devices only to find critical security vulnerabilities. They allegedly assessed four different devices and discovered two critical flaws that could allow an attacker to perform remote code execution.
As mentioned in their report, the researchers, Paulos Yibelo and Daniel Eshetu, analyzed storage devices from WD My Book, Seagate Home, Netgear Stora, and Medion LifeCloud NAS. Explaining the aim of their research, they state,
“…is it secure enough to protect your company's data? That was the question on our mind… We focused on discovering only critical vulnerabilities that can be exploited remotely without any user interaction. Meaning, authentication bypasses weren’t enough. We wanted to execute commands on the devices remotely with the highest privileges.”
Consequently, the results they obtained gave the answer to their question.
“We were successful, in all the devices.”
As stated, the researchers found two critical flaws in the firmware of these devices that could trigger remote attacks. The first is the XXE and Unauthenticated Remote Command Execution flaw (CVE-2018-18471) in the Axentra Hipserv NAS firmware. This firmware runs on numerous NAS devices and, among those tested, affects the Netgear Stora, Seagate GoFlex Home, and Medion LifeCloud devices.
The other unauthenticated RCE vulnerability (CVE-2018-18472) affected some discontinued WD MyBook Live devices. Western Digital (WD) has therefore recommended that users of these products prevent unauthenticated remote access to their devices by configuring firewalls.
Possible Measures For Protection
Both zero-day RCE vulnerabilities have similar impacts and may have affected around 2 million devices online. As explained by the researchers,
“The vulnerabilities allow hackers, governments, or anyone with malicious intention to read files, add/remove users, add/modify existing data, or execute commands with highest privileges on all of the devices.”
Presently, no patches are available for either vulnerability. WizCase therefore recommends that users of the affected devices remain vigilant about their devices' security. Users should make sure to use a VPN to remain hidden from potential bad actors. They should also take care to disconnect their devices if they are connected to the WAN.