Network storage (NAS) devices are critical for small and medium businesses, as they add extra storage space when these businesses are running out of space. Critical shortcomings have been discovered in NAS devices such as the WD My Book, Seagate Home, Medion LifeCloud and Netgear Stora. These critical vulnerabilities allow actors to exploit the device remotely without any user interaction.
Once exploited, these vulnerabilities give the highest privileges on the vulnerable system. Two critical zero-day vulnerabilities, tracked as CVE-2018-18472 and CVE-2018-18471, are addressed; they affected the following four popular NAS devices:
- Netgear Stora
- Medion LifeCloud NAS
- WD My Book
- Seagate Home
These vulnerabilities allow hackers to gain sensitive privileges, such as reading files, adding or removing users, adding or modifying existing data, or executing commands on all the above devices. All four NAS devices tested suffer from zero-day unauthenticated root remote command execution (pre-auth RCE) vulnerabilities, and there are nearly 2 million affected devices online.
Researchers also believe that many other NAS devices likely suffer from similar vulnerabilities, as there seems to be a missing pattern of expected from NAS devices.
WD MyBook Live Unauthenticated Remote Command Execution
WD MyCloud contains a remotely exploitable vulnerability in WD MyBook Live that allows unauthenticated remote command execution.
It lets attackers run commands on the device as root. The vulnerability exists in the language change and modify functionality in the REST API.
Researchers advise all users to follow these steps to protect against these vulnerabilities.
- If you are using one of the above devices and it is connected on the WAN, make sure to remove your device from the internet. (Make sure it is running only locally, in the safe network.)
Using WAF and NGFW: USPs of Fortinet WAF and Next-Gen Firewall (NGFW)
FortiWeb web application firewall (WAF)
- Protects hosted web applications from attacks that target known and unknown exploits.
- Defends applications from known vulnerabilities and zero-day threats
- Provides specialized application layer threat detection and protection for HTTP and HTTPS services
- FortiWeb’s HTTP firewall and denial-of-service (DoS) attack-prevention protects web applications from attack
- Uses advanced techniques to protect against sophisticated attacks such as SQL injection and cross-site scripting (XSS)
- Also defends against threats like identity theft, financial fraud, and corporate espionage
- Enforce security policies with granular control and visibility of users and devices for thousands of discrete applications
- Identify and stop threats with powerful intrusion prevention beyond port and protocol that examines the actual content of your network traffic
- Perform high-performance SSL inspection using industry-mandated ciphers
- Proactively detect malicious unknown code using our cloud-based sandbox service
- Provide you with real-time views into network activity with actionable application and risk dashboards and reports
- Deliver superior multi-function performance by running on purpose-built appliances with custom ASICs.
Consultants at Logix Infosecurity work closely with SMEs across the sector to improve security by making sure such vulnerabilities are taken care of by the security tech deployed for the company.