Hard drive manufacturer sets hardcoded credentials in wireless devices.
CERT warns of a series of vulnerabilities in disk drives from Seagate and one is (unfortunately not) striking. You simply can remotely login to the NAS with username root with the password root. This de facto backdoor is not updated their users need to update firmware to fix this.
These are devices under the flag Seagate Wireless Plus Mobile Storage, Seagate and LaCie Wireless Mobile Storage FUEL. Users of these devices need to update the firmware to version 3.4.1.105.
Broad access to files
Thanks to a second vulnerability (CVE-2015-2875) receive attackers under the default configuration download rights to the file system. And via a third vulnerability (CVE-2015-2876)could include the default configuration anyone to upload files to / media / sda2, allowing attackers files can substitute for their own version as malware packed with.
No comments:
Post a Comment