Over 10,000 devices are still exposed to hacker attacks

Oct 23, 2013 11:27 GMT

Security researchers from Tripwire have identified a number of critical vulnerabilities in the firmware of Netgear ReadyNAS storage devices. Netgear has already released patches for many of the flaws, but most users still haven’t updated their firmware.

The vulnerabilities affect ReadyNAS RAIDiator firmware versions 4.2.x prior to 4.2.24 and 4.1.x prior to 4.1.12. However, when Netgear released the updates, it did not provide any details that would have made users understand how important it was to patch their installations.

Tripwire’s Craig Young has identified over 10,000 devices running a vulnerable version of the firmware. The expert says that around 73% of the appliances connected to the Internet have not been patched.
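A patch-status check built from the version ranges stated above, added here as an example rather than anything Tripwire or Netgear published. The inventory records are constructed, and the tolerance for a suffix after the third version number (as in a hypothetical "4.1.12-T61") is an assumption:

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Added example, not Tripwire's or Netgear's code: decide from a RAIDiator
# version string whether it falls inside the affected ranges the article
# states (4.2.x before 4.2.24, 4.1.x before 4.1.12) and summarise a fleet.
# The inventory below is constructed sample data.

my %fixed_in = ( '4.2' => 24, '4.1' => 12 );   # branch => first patched release

# Split "major.minor.patch" and ignore any trailing suffix (assumed format).
sub parse_version {
    my ($v) = @_;
    return unless defined $v && $v =~ /\A(\d+)\.(\d+)\.(\d+)/;
    return ($1, $2, $3);
}

# Returns 1 if affected, 0 if patched or on a branch the advisory does not
# list, and undef if the version string cannot be parsed.
sub is_affected {
    my ($v) = @_;
    my ($major, $minor, $patch) = parse_version($v) or return;
    my $branch = "$major.$minor";
    return 0 unless exists $fixed_in{$branch};
    return $patch < $fixed_in{$branch} ? 1 : 0;
}

# Count affected / patched / unparsable records and collect hosts to update.
sub summarise {
    my @records = @_;
    my %n = ( affected => 0, patched => 0, unknown => 0 );
    my @affected_hosts;
    for my $r (@records) {
        my $a = is_affected($r->{version});
        if    (!defined $a) { $n{unknown}++ }
        elsif ($a)          { $n{affected}++; push @affected_hosts, $r->{host} }
        else                { $n{patched}++ }
    }
    return (\%n, \@affected_hosts);
}

my @inventory = (   # constructed sample data, not real devices
    { host => 'nas-01', version => '4.2.23' },
    { host => 'nas-02', version => '4.2.24' },
    { host => 'nas-03', version => '4.1.11' },
    { host => 'nas-04', version => '4.1.12-T61' },
    { host => 'nas-05', version => '6.0.1' },
    { host => 'nas-06', version => 'unknown' },
);

my ($n, $hosts) = summarise(@inventory);
printf "affected: %d, patched or unlisted: %d, unparsable: %d\n",
    @{$n}{qw(affected patched unknown)};
print "needs firmware update: @$hosts\n";   # nas-01 nas-03
```

Unparsable versions are reported separately rather than silently counted as safe, since an inventory entry that cannot be read is exactly the one most likely to be an unmanaged, unpatched box.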

So how can cybercriminals exploit the vulnerabilities, and what can they accomplish? According to Young, the most serious security hole affects the Frontview HTTPS web management interface.

The flaw exists because user input is not sanitized properly, so an attacker can inject commands of their own. The worst part is that no authentication is required to exploit it.

“The consequence is that an unauthenticated HTTP request can inject arbitrary Perl code to run on the server. Naturally, this includes the ability to execute commands on the ReadyNAS embedded Linux in the context of the Apache web server,” the expert noted in a blog post.

“Frontview is the primary user interface for ReadyNAS and as such it cannot be disabled or blocked through any configuration options, so there were no obvious mitigation strategies. The impact is partly mitigated by the fact that Apache does not run as root; however, a poorly configured file system ensures that elevation of privilege is possible.”
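The bug class Young describes, untrusted request input compiled into Perl source and evaluated, as an added illustration in Perl. This is not the Frontview code: the %settings table, the parameter values and both lookup functions are constructed for the example, and the vulnerable form is shown next to the hardened one.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed illustration of the bug class described in the article: a web
# handler that builds Perl source from an HTTP parameter and hands it to eval.
# It is NOT the ReadyNAS Frontview code; the %settings table, the parameter
# values and both lookup functions are assumptions made for this example.

my %settings = ( lang => 'en', tz => 'UTC' );

# Vulnerable pattern: the request parameter is interpolated into a string that
# is then compiled as Perl. Anything outside the expected characters becomes
# code that runs with the web server's privileges, with no login required.
sub lookup_vulnerable {
    my ($key) = @_;
    my $code  = "\$settings{'$key'}";    # builds e.g.  $settings{'lang'}
    my $value = eval $code;
    if ($@) {
        chomp(my $err = $@);
        return "eval died: $err";
    }
    return defined $value ? $value : '(no such key)';
}

# Hardened pattern: validate the parameter against a strict allowlist, then use
# a plain hash lookup. No source text is built from input, so there is nothing
# to inject into.
sub lookup_safe {
    my ($key) = @_;
    return '(rejected)' unless defined $key && $key =~ /\A[A-Za-z0-9_]{1,32}\z/;
    return exists $settings{$key} ? $settings{$key} : '(no such key)';
}

# A harmless probe: it closes the quote and hash subscript early and calls
# die, which is enough to show that the input is executed rather than looked
# up. Detection note: quotes, braces and parentheses in a parameter that
# should only ever hold an identifier are the signal to log and alert on.
my $probe = "x'} . die('injected code ran') . \$settings{'";

printf "%-28s %s\n", 'vulnerable, normal key:', lookup_vulnerable('lang');
printf "%-28s %s\n", 'vulnerable, probe:',      lookup_vulnerable($probe);
printf "%-28s %s\n", 'safe, normal key:',       lookup_safe('lang');
printf "%-28s %s\n", 'safe, probe:',            lookup_safe($probe);
```

The first call returns `en`; the second reports that the injected `die` ran inside `eval`, which is the whole problem in miniature. The hardened lookup returns `en` for the normal key and rejects the probe before any Perl is compiled. The same allowlist check doubles as a cheap detection: log and alert on rejected parameters, since on an interface that cannot be disabled, as Young notes, visibility into attempts is the next best thing to blocking them.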

Cybercriminals can exploit the vulnerability by tricking victims into opening a specially crafted web page or email message. If the attack is successful, the hacker can gain full access to the system.

Additional technical details on the vulnerabilities are available in an advisory published on Tripwire’s website.