Researchers uncover 125 vulnerabilities across 13 routers and NAS devices

Found on Help Net Security on Tuesday, 17 September 2019

In a cybersecurity study of network attached storage (NAS) systems and routers, Independent Security Evaluators (ISE) found 125 vulnerabilities in 13 IoT devices, reaffirming an industrywide problem of a lack of basic security diligence.

In nearly all the devices (12 of the 13), ISE achieved its goal of obtaining remote root-level access.

Six of them can be remotely exploited without authentication: the Asustor AS-602T, Buffalo TeraStation TS5600D1206, TerraMaster F2-420, Drobo 5N2, Netgear Nighthawk R9000, and TOTOLINK A3002RU.

This will only change if manufacturers can be held responsible for neglecting security. Bugs can happen, but when 12 out of 13 are exploitable by default, something is wrong.

Browse all articles« Previous « » Next »