Seagate Central NAS vulnerabilities

Vulnerabilities

  • Web application allows unauthorized modification of IP address and hostname.
  • World-writable system files allow local users to compromise configuration and perform local privilege escalation. (I’ve been informed an updated firmware patch “somewhat” mitigates this, but this is unconfirmed.)
  • Common root password is set on all devices and /etc/shadow is world-readable.
  • Firmware updates are vulnerable to a MITM attack. These are performed over plain HTTP and are not signed, allowing attackers to readily deliver malicious payloads.
  • The NAS supports multi-user / multi-tenant operation. The files of these users are all set, by default, to mode 777. Users are given SSH access and may readily access and modify each other’s files.
  • The device exposes a phpinfo() page to unauthorized users (information disclosure).
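
The three permission findings above (world-writable system files, a world-readable /etc/shadow, and user files at mode 777) can be checked from a shell on the device or against a mounted firmware image. The script below is an added example, not code from the original post; the function names and the directory arguments are assumptions, since the post does not name the affected paths.

```shell
#!/bin/sh
# Added example: audit a filesystem tree for the permission findings listed above.
# Paths are assumptions; point the arguments at the tree you are checking.

# Print world-writable files and directories under $1, skipping
# sticky-bit directories (e.g. /tmp), which are world-writable by design.
world_writable() {
    find "$1" -xdev \( -type f -o -type d \) -perm -0002 ! -perm -1000 2>/dev/null
}

# Exit 0 if $1/etc/shadow is readable by "other" (password hashes exposed).
shadow_world_readable() {
    [ -n "$(find "$1/etc/shadow" -prune -perm -0004 2>/dev/null)" ]
}

# Print files and directories under $1 whose mode is exactly 0777.
mode_777() {
    find "$1" -xdev \( -type f -o -type d \) -perm 0777 2>/dev/null
}

# audit ROOT [DATA_DIR]: report all three findings; returns 1 if any is present.
audit() {
    root=${1:-/}
    data=${2:-$root/home}   # assumed location of per-user data
    rc=0
    if shadow_world_readable "$root"; then
        printf 'FAIL: %s/etc/shadow is world-readable\n' "$root"
        rc=1
    fi
    ww=$(world_writable "$root/etc")
    if [ -n "$ww" ]; then
        printf 'FAIL: world-writable files under %s/etc:\n%s\n' "$root" "$ww"
        rc=1
    fi
    shared=$(mode_777 "$data")
    if [ -n "$shared" ]; then
        printf 'FAIL: mode 777 entries under %s:\n%s\n' "$data" "$shared"
        rc=1
    fi
    [ "$rc" -eq 0 ] && printf 'OK: no permission findings under %s\n' "$root"
    return "$rc"
}
```

Run it as `audit / /path/to/user/shares` on the device; a non-zero return means at least one of the three findings is present.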

Firmware updates & caveat emptor

About responsible disclosure

Timeline:

CTO and founder of IOpipe, Inc. working on Application Operations tools for serverless applications.

Erica Windisch
