HackDig : Dig high-quality web security articles for hacker

Seagate Central NAS vulnerabilities

2015-10-19 22:35
I have contacted Seagate regarding the following and was twice informed of
a 90-day window for disclosure. I followed up to no response and have
decided, following the culmination of those 90-days, to publish.

The fact that embedded devices are vulnerable is not new. This is really
not newsworthy, but perhaps we can aim higher? The Central NAS is not
Seagate’s most popular model, but it does share code with other, more
popular products such as the BlackArmor range.


- Web application allows unauthorized modification of IP address and
- World-writable system files allow local users to compromise
configuration and perform local privilege escalation. (I’ve been informed
an updated firmware patch “somewhat” mitigates this, but is unconfirmed)
- Common root password is set on all devices and /etc/shadow is
- Firmware updates are vulnerable to a MITM attack. These are performed
over plain HTTP and are not signed, allowing attackers to readily deliver
malicious payloads.
- The NAS supports multi-user / multi-tenant operation. The files of
these users are all set, by default, to mode 777. Users are given SSH
access and may readily access and modify each other’s files.
- The device exposes a phpinfo() page to unauthorized users (information

These issues were really low-hanging-fruit. I’m certain a number of
remaining issues have yet to be discovered here, but for myself, I’m done.

Finally, see the following blog post for more detail and a timeline of
communications with the vendor:


Eric Windisch

Sent through the Full Disclosure mailing list
Web Archives & RSS: http://seclists.org/fulldisclosure/

Source: 08/tcO/5102/erusolcsidlluf/gro.stsilces

Read:4653 | Comments:0 | Tags:No Tag

“Seagate Central NAS vulnerabilities”0 Comments

Submit A Comment



Blog :

Verification Code:


Share high-quality web security related articles with you:)


Tag Cloud