
Widespread file exposure possible with Western Digital, Synology NAS flaws


Millions of Western Digital and Synology network-attached storage devices are affected by critical security flaws that have already been patched and that could have been leveraged to expose millions of users' files, SecurityWeek reports. The vulnerabilities in WD NAS devices could have been exploited for remote access to user files, arbitrary code execution, and total device takeover, according to a Claroty report. "First, we enumerate all of the devices GUID, and choose our target list. We then impersonate the device, stealing its cloud tunnel and disconnecting the device. Any requests performed to the device will now reach us, giving us the authentication tokens for the device admin," said Claroty, which used the new permissions to enable the execution of a payload upon device reboot.

Meanwhile, researchers also found security bugs in Synology NAS devices that enable device impersonation and forced redirection to attacker-controlled devices, which could then result in credential theft and user data compromise, as well as arbitrary code execution.
