Network-attached storage devices provide a convenient and
cost-effective means to store data and increase storage memory. However,
despite being convenient, these devices may also cause significant
losses if ever hacked. Recently, researchers found critical
vulnerabilities in the
firmware
of some of the leading NAS devices. These vulnerabilities could allow
an attacker to perform remote attacks and execute commands.
Critical Firmware Vulnerabilities Found In NAS Devices
Reportedly, researchers from WizCase assessed some of the leading NAS
devices only to find critical security vulnerabilities. They allegedly
assessed four different devices and discovered two critical flaws that
could allow an attacker to perform
remote code execution.
As mentioned in their
report,
the researchers Paulos Yibelo and Daniel Eshetu, analyzed the storage
devices from WD My Book, SeaGate Home, NetGear Stora, and Medion
LifeCloud NAS. Explaining their aim to conduct the research, they state,
“…is it secure enough to protect your companies data?
That was the question on our mind… We focused on discovering only
critical vulnerabilities that can be exploited remotely without any user
interaction. Meaning, authentication bypasses weren’t enough. We wanted
to execute commands on the devices remotely with the highest
privileges.”
Consequently, the results they obtained gave the answer to their question.
“We were successful, in all the devices.”
As stated, the researchers found two critical flaws in the firmware
of these devices that could trigger remote attacks. The first one is the
XXE and Unauthenticated Remote Command Execution flaw (CVE-2018-18471
in the Axentra Hipserv NAS firmware. This firmware runs on numerous NAS
devices and has also affected Netgear Stora, Seagate GoFlex Home, and
Medion LifeCloud devices among the tested ones.
Besides, the other unauthenticated RCE vulnerability (CVE-2018-18472)
affected some discontinued WD MyBook Live devices. Hence, Western
Digital (WD) has recommended the users of these products to prevent
unauthenticated remote access to their devices by configuring firewalls.
Possible Measures For Protection
Both the zero-day RCE vulnerabilities have similar impacts and may
have affected around 2 million devices online. As explained by the
researchers,
“The vulnerabilities allow hackers, governments, or
anyone with malicious intention to read files, add/remove users,
add/modify existing data, or execute commands with highest privileges on
all of the devices.”
Presently, no patches are available for both the vulnerabilities.
Therefore, WizCase recommends the users of the affected devices to
remain vigilant for their device’s security. The users should thus make
sure to use a VPN to remain hidden from potential bad actors. Moreover,
they should also take care to disconnect their devices when connected to
WAN.
Take your time to comment on this article.
Abeerah has been a passionate blogger for
several years with a particular interest towards science and technology.
She is crazy to know everything about the latest tech developments.
Knowing and writing about cybersecurity, hacking, and spying has always
enchanted her. When she is not writing, what else can be a better
pastime than web surfing and staying updated about the tech world! Reach
out to me at: abeerah@latesthackingnews.com
#ref-menu