Security researchers have discovered a total of 125 different security vulnerabilities across 13 small office/home office (SOHO) routers and NAS devices that have the potential to affect millions of users.
To compile its latest SOHOpelessly Broken 2.0 study, Independent Security Evaluators (ISE) tested SOHO routers and NAS devices from Buffalo, Synology, TerraMaster, Zyxel, Drobo, ASUS and its subsidiary Asustor, Seagate, QNAP, Lenovo, Netgear, Xiaomi and Zioncom (TOTOLINK).
The researcher found that all 13 of the widely-used devices they tested contained at least one web application vulnerability which could allow an attacker to gain remote shell access or access to the administrative panel of the affected devices.
The vulnerabilities ISE discovered range from cross-site scripting (XSS), cross-site request forgery (CSRF), buffer overflow, operating system command injection (OS CMDi), authentication bypass, SQL injection and file upload path traversal.
SOHOpelessly Broken 2.0
According to the researchers, they were able to successfully obtain root shells on 12 of the devices which would allow them to have complete control over the affected devices. Additionally six of the devices they tested contained flaws that would enable attackers to gain control over a device remotely without having to authenticate.
The business and home routers ISE found to contain vulnerabilities are the Ausustor AS-602T, the Bufallo TeraStation TS5600D1206, the TerraMaster f2-420, the Drobo 5N2, the Netgear Nighthawk R9000 and the TOTOLINK A3002RU.
The firm’s new report is a follow-up study to SOHOpelessly Broken 1.0 which ISE published back in 2013. At that time, the firm disclosed a total of 52 vulnerabilities in 13 SOHO routers and NAS devices from TP-Link, ASUS, Linksys and other vendors.
Since its last study was published, ISE has noticed that several newer IoT devices have implemented useful security mechanisms including address-space layout randomization (ASLR), functionalities aimed at stopping reverse engineering and integrity verification mechanisms for HTPP requests.
The firm reported all of the vulnerabilities it discovered in SOHOpelessly Broken 2.0 to affected device manufacturers and the majority of which responded to the firm and have begun taking security measures to mitigate these vulnerabilities. However, Drobo, Buffalo Americas and Zioncom Holdings did not respond when presented with ISE’s findings.
Via The Hacker News