‘Older Nas systems from WD, Netgear, Seagate and Medion contain rce leak’

Spread the love

Two security researchers claim they can remotely take over NAS systems from Western Digital, Netgear, Seagate and Medion. There are no patches yet for the remote code execution vulnerabilities that make this possible.

According to the researchers, Paulos Yibelo and Daniel Eshetu, the My Book systems are from WD, Netgear Stora, Seagate GoFlex Home and Medion LifeCloud. They do not state whether the vulnerabilities exist in a particular firmware version. In the case of the last three manufacturers, the vulnerabilities are related to leaks in the Hipserv software used by the company Axentra. These make it possible to remotely execute code on a device and thus take it over. In all cases, this only requires knowledge of the IP address, claim the researchers.

Although it seems to be fairly old devices, according to TechCrunch, many are still connected to the internet. A Shodan search would point to more than 300,000 devices, while a ZoomEye search returns a number of 1.8 million devices. Only Western Digital responded to questions from the site, which had access to the researchers’ analysis before publication. The company states that these are devices that were introduced in 2010 and for which support ended in 2014. The company’s advice is to place vulnerable devices behind a firewall.

The researchers recommend that affected users no longer keep the devices connected to the internet and only make them accessible via the local network. No patches have been made available yet. Although the researchers tell TechCrunch they do not want to publish an exploit for the vulnerabilities, it is often only a matter of time before the vulnerabilities are attacked. The vulnerabilities found by the researchers are labeled CVE-2018-18471 and CVE-2018-18472.

You might also like