Submitted via IRC for Bytram
125 New Flaws Found in Routers and NAS Devices from Popular Brands
Believe me, there are over 100 ways a hacker can ruin your life just by compromising your wireless router—a device that controls the traffic between your local network and the Internet, threatening the security and privacy of a wide range of wireless devices, from computers and phones to IP Cameras, smart TVs and connected appliances.
In its latest study titled "SOHOpelessly Broken 2.0," Independent Security Evaluators (ISE) discovered a total of 125 different security vulnerabilities across 13 small office/home office (SOHO) routers and Network Attached Storage (NAS) devices, likely affecting millions.
"Today, we show that security controls put in place by device manufacturers are insufficient against attacks carried out by remote adversaries. This research project aimed to uncover and leverage new techniques to circumvent these new security controls in embedded devices," the researchers said.
[...] SOHO routers and NAS devices tested by the researchers are from the following manufacturers:
- Buffalo
- Synology
- TerraMaster
- Zyxel
- Drobo
- ASUS and its subsidiary Asustor
- Seagate
- QNAP
- Lenovo
- Netgear
- Xiaomi
- Zioncom (TOTOLINK)
According to the security researchers, all of these 13 widely-used devices they tested had at least one web application vulnerability that could allow a remote attacker to gain remote shell access or access to the administrative panel of the affected device.
(Score: 4, Interesting) by Snospar on Friday September 27 2019, @07:54AM (3 children)
I read the article (I know, I know) to see what the issues with the Synology kit were and they list the device in a table with no ticks against any of the vulnerabilities. They're also using an old version of the system software. Not very helpful or useful but I'm sure plenty of Synology owners will click through just like me.
Huge thanks to all the Soylent volunteers without whom this community (and this post) would not be possible.
(Score: 3, Interesting) by zocalo on Friday September 27 2019, @09:10AM (2 children)
UNIX? They're not even circumcised! Savages!
(Score: 5, Insightful) by https on Friday September 27 2019, @07:41PM (1 child)
Did you miss the part in the article in which they explicitly said that they had addressed this?
Did you also miss the chart showing that they were not able to get past the protections of the Synology DS218j? Not even so much as a buffer overflow?
Offended and laughing about it.
(Score: 3, Touché) by zocalo on Saturday September 28 2019, @08:52AM
UNIX? They're not even circumcised! Savages!