{"id":30383,"date":"2019-09-25T17:08:41","date_gmt":"2019-09-25T17:08:41","guid":{"rendered":"https:\/\/www.digife.it\/?p=30383"},"modified":"2019-09-25T17:08:41","modified_gmt":"2019-09-25T17:08:41","slug":"the-most-popular-routers-and-nas-are-full-of-vulnerabilities","status":"publish","type":"post","link":"https:\/\/www.digife.it\/en\/the-most-popular-routers-and-nas-are-full-of-vulnerabilities\/","title":{"rendered":"Popular routers and NAS are full of vulnerabilities"},"content":{"rendered":"<p>\u00abThe battle for information security, as we know, is endless and it is unlikely that it will ever lead to an absolute victory. A recent report from the Independent Security Evaluators (ISE) organization puts the spotlight on network equipment intended for tried consumers or small businesses - specifically, 13 NAS and routers manufactured by ASUS, Buffalo, Drobo, Lenovo, Netgear, QNAP, Seagate, Synology, TerraMaster, Xiaomi, Zioncom and Zyxel.<\/p>\n<p>&nbsp;<\/p>\n<p>The results of the study are not very encouraging. Overall, 125 different vulnerabilities were found (naturally distributed among the various devices). The vulnerabilities allowed researchers to obtain root access privileges on 12 products, 6 of which without the need for authentication; and in all 13 at least one web app flaw was found, thanks to which it is possible to remotely access the shell or the management page.<\/p>\n<p>&nbsp;<\/p>\n<p>ISE has chosen the devices to be tested based (also) on their diffusion: all have been analyzed with the latest stable firmware available publicly. The company has reported all vulnerabilities to their respective manufacturers - most said they will fix the bugs as soon as possible. However, Buffalo, Drobo and Zioncom made no statements. Below is the detailed list of tested devices:<\/p>\n<p>&nbsp;<\/p>\n<p>ASUS RT-AC3200<\/p>\n<p>Asustor AS-602T<\/p>\n<p>Buffalo TeraStation TS5600D1206<\/p>\n<p>Drobo 5N2<\/p>\n<p>Lenovo ix4-300d<\/p>\n<p>Netgear Nighthawk R9000<\/p>\n<p>QNAP TS-870<\/p>\n<p>Seagate STCR3000101<\/p>\n<p>Synology DS218j<\/p>\n<p>TerraMaster F2-420<\/p>\n<p>Xiaomi Mi Router 3 (on the market since 2016)<\/p>\n<p>Zioncom TOTOLINK A3002RU<\/p>\n<p>Zyxel NSA325 v2<\/p>\n<p>&nbsp;<\/p>\n<p>As we said at the beginning of the article, it is impossible to expect a device to be completely inviolable, but the researchers at ISE note that the products tested include rather trivial vulnerabilities &quot;that would be considered unacceptable in modern web applications outside of IT environments&quot;. The researchers advise manufacturers of IoT devices to &quot;start training their developers on good security practices, and use dedicated teams, external or internal, to test the software running on the products.&quot; Some serious flaws have been observed for some time. &quot;<\/p>\n<p><strong>\u00a0<\/strong><\/p>\n<p>#digife #website #website #ecommerce #ecommerce #webdesign #seo #digitalmarketing #graphicdesign #business #websitedesign #webdevelopment #webdesigner #branding #webdeveloper #socialmediamarketing #entrepreneur #startup #digital #malware #hacker #hacking #security #virus #cybercrime #antivirus #cyberattack #spyware<\/p>\n<p>&nbsp;<\/p>\n<p style=\"text-align: right;\">Source http:\/\/bit.ly\/2kMJt77<\/p>","protected":false},"excerpt":{"rendered":"<p>\u00abThe battle for information security, as we know, is endless and will hardly ever lead to an absolute victory. A recent report by the Independent Security Evaluators (ISE) organization puts the spotlight on ...<\/p>","protected":false},"author":28,"featured_media":30384,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":{"0":"post-30383","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-curiosita-web"},"_links":{"self":[{"href":"https:\/\/www.digife.it\/en\/wp-json\/wp\/v2\/posts\/30383","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.digife.it\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.digife.it\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.digife.it\/en\/wp-json\/wp\/v2\/users\/28"}],"replies":[{"embeddable":true,"href":"https:\/\/www.digife.it\/en\/wp-json\/wp\/v2\/comments?post=30383"}],"version-history":[{"count":0,"href":"https:\/\/www.digife.it\/en\/wp-json\/wp\/v2\/posts\/30383\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.digife.it\/en\/wp-json\/wp\/v2\/media\/30384"}],"wp:attachment":[{"href":"https:\/\/www.digife.it\/en\/wp-json\/wp\/v2\/media?parent=30383"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.digife.it\/en\/wp-json\/wp\/v2\/categories?post=30383"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.digife.it\/en\/wp-json\/wp\/v2\/tags?post=30383"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}