SSD Advisory – WiseGiga NAS Multiple Vulnerabilities Full report: *https://blogs.securiteam.com/index.php/archives/3402 <https://blogs.securiteam.com/index.php/archives/3402>* Twitter: @SecuriTeam_SSD Weibo: SecuriTeam_SSD Vulnerabilities summary The following advisory describes five (5) vulnerabilities and default accounts / passwords found in WiseGiga NAS devices. WiseGiga is a Korean company selling NAS products. The vulnerabilities found in WiseGiga NAS are: Pre-Authentication Local File Inclusion (4 different vulnerabilities) Post-Authentication Local File Inclusion Remote Command Execution as root Remote Command Execution as root with CSRF Info Leak Default accounts Credit An independent security researcher, Pierre Kim, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program Vendor response We tried to contact WiseGiga since June 2017, repeated attempts to establish contact went unanswered. At this time there is no solution or workaround for these vulnerabilities. -- Thanks Maor Shwartz Beyond Security GPG Key ID: 93CC36E2DE7FF514
Attachment:
SSD Advisory – WiseGiga NAS Multiple Vulnerabilities – SecuriTeam Blogs.pdf
Description: Adobe PDF document
_______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/