Vulns out of the box: 12 in 13 small biz network devices terribly insecure by default – research

A new report has suggested that 12 out of 13 network devices, such as routers and network-attached storage appliances, are vulnerable to hacks that enable "root-privileged access without any authentication". Security consultants ISE took a look at devices from well-known vendors including Buffalo, Synology, Zyxel, Drobo, Asus …

  1. LeahroyNake

    I had to Google

    DNS rebinding. Seems like a bit of a long shot to be honest especially if you have your own DNS server and Web protection in place.

    Still it is no excuse for these devices to be vulnerable. The article was also sparse on QNAP details, are they the worst? Doubt it could traverse the subnet but.... Asking for a friend.

    1. Sandtitz Silver badge

      Re: I had to Google

      "The article was also sparse on QNAP details, are they the worst? Doubt it could traverse the subnet but.... Asking for a friend."

      The article has a link to the report. QNAP certainly wasn't the worst offender. Bit of apples-to-oranges since some devices are routers and some NAS devices.

    2. Korev Silver badge

      Re: I had to Google

      > Seems like a bit of a long shot to be honest especially if you have your own DNS server and Web protection in place.

      These devices are usually sold to places that are too small to run DNS servers etc

  2. Anonymous Coward

    Is anyone surprised? Most SOHO network devices are just consumer crap, with somewhat beefier hardware and a few "pro" software features enabled.

    1. Evil Harry

      I was under the impression that QNAP run their QTS OS software across their entire range from Soho gear through to some hardware that wouldn't look out of place in a larger enterprise. Worrying if their software can be easily compromised.

  3. sbt
    Pirate

    Here at my home, where the Buffaloes roam...

    I've relied on these sorts of "flaws" for many years to get shell access to these NASs with their otherwise locked-down and crummy Web interfaces, to install additional modules and tweak other settings. Obviously heavily firewalled and running my own local DNS, so not too worried about the risks.

  4. simonlb
    Unhappy

    No response from Drobo?

    Doesn't surprise me as they are owned by a 'private equity' group, which normally follows the standard script of reducing the level of investment and support whilst quietly asset stripping the company until it's in terminal decline. Give it a couple of years.


Biting the hand that feeds IT © 1998–2022