125 Security Vulnerabilities Found in 13 Routers and NAS Devices

Researchers assessing the security state of 13 routers and network-attached storage devices discovered 125 vulnerabilities, some of them remotely exploitable without authentication. Almost all tested gadgets had at least one security flaw that could be used by a remote attacker to access the administrative panel.

The experiment is a reiteration of the SOHOpelessly Broken research in 2013 when consulting firm Independent Security Evaluators (ISE) found 52 new vulnerabilities in 13 small office/home office (SOHO) routers and wireless access points. This discovery marked the start of the eponymous hacking competition at the DEF CON conference.

The latest research focused on products from different manufacturers intended for the average consumer as well as enterprise use. Devices from established and reputable brands were included. Among them are Synology, Asus, Zyxel, Seagate, QNAP, Lenovo, and Xiaomi. Some of the gadgets had been evaluated by the researchers before.

On 12 of the connected devices they tested, the researchers gained access with the highest permission level, which translates to taking complete control of the target. It’s important to note that the targets had the latest supported publicly-available firmware and the experiment was carried on “out-of-the-box” configuration with the recommended security settings turned.

“For example, NASes will typically enable file sharing-protocols, and routers may enable services such as UPnP that are designed to facilitate intra-network device communication,” the researchers explain, adding that they tried to mimic the behavior of a normal user, who typically relies on the configuration made during initial setup.

In their endeavor, the evaluators broke their assessment process into four steps, which included getting to know the target as best as possible, learning its active services and mapping the attack surface, gaining access, and ended with developing an exploit. The focus fell on network-accessible services since the purpose was a remote compromise.

To demonstrate the validity of their findings, the researchers created proof-of-concept (PoC) code that defeats the security measures from the manufacturers. This was shared with the manufacturers, many of them acknowledging the vulnerabilities and collaborated with ISE to mitigate these issues.

The risks highlighted by this research show that the security controls manufacturers implemented in their products are insufficient to hold hackers back. Supplemental security solutions that protect the local network perimeter (including our own Bitdefender BOX) are, for the time being, the best chance to prevent remote parties from breaking into your local wires and to strengthen the security settings for all devices on the network.

Image credit: MediaDS