Skip to main content

Popular routers and NAS are full of vulnerabilities

By 25 September 2019No Comments

«The battle for information security, as we know, is endless and it is unlikely that it will ever lead to an absolute victory. A recent report from the Independent Security Evaluators (ISE) organization puts the spotlight on network equipment intended for tried consumers or small businesses - specifically, 13 NAS and routers manufactured by ASUS, Buffalo, Drobo, Lenovo, Netgear, QNAP, Seagate, Synology, TerraMaster, Xiaomi, Zioncom and Zyxel.


The results of the study are not very encouraging. Overall, 125 different vulnerabilities were found (naturally distributed among the various devices). The vulnerabilities allowed researchers to obtain root access privileges on 12 products, 6 of which without the need for authentication; and in all 13 at least one web app flaw was found, thanks to which it is possible to remotely access the shell or the management page.


ISE has chosen the devices to be tested based (also) on their diffusion: all have been analyzed with the latest stable firmware available publicly. The company has reported all vulnerabilities to their respective manufacturers - most said they will fix the bugs as soon as possible. However, Buffalo, Drobo and Zioncom made no statements. Below is the detailed list of tested devices:



Asustor AS-602T

Buffalo TeraStation TS5600D1206

Drobo 5N2

Lenovo ix4-300d

Netgear Nighthawk R9000


Seagate STCR3000101

Synology DS218j

TerraMaster F2-420

Xiaomi Mi Router 3 (on the market since 2016)

Zioncom TOTOLINK A3002RU

Zyxel NSA325 v2


As we said at the beginning of the article, it is impossible to expect a device to be completely inviolable, but the researchers at ISE note that the products tested include rather trivial vulnerabilities "that would be considered unacceptable in modern web applications outside of IT environments". The researchers advise manufacturers of IoT devices to "start training their developers on good security practices, and use dedicated teams, external or internal, to test the software running on the products." Some serious flaws have been observed for some time. "


#digife #website #website #ecommerce #ecommerce #webdesign #seo #digitalmarketing #graphicdesign #business #websitedesign #webdevelopment #webdesigner #branding #webdeveloper #socialmediamarketing #entrepreneur #startup #digital #malware #hacker #hacking #security #virus #cybercrime #antivirus #cyberattack #spyware



Can we help you? Chat