Users Slow to Update Netgear ReadyNAS Boxes Open To Remote Exploit 53
Trailrunner7 writes with this bit of news from Threatpost "A popular NETGEAR network-attached storage product used primarily in medium-sized organizations has a gaping vulnerability that puts any data moving through a network in jeopardy. The flaw in ReadyNAS, specifically its Frontview front end, was patched via a firmware update three months ago. But according to Tripwire researcher Craig Young who discovered the issue and reported it to NETGEAR, only a fraction of Internet-facing boxes have been patched. An attacker exploiting the vulnerability could gain root access to the box. 'There's a lot of room for people to get burned on this,' Young told Threatpost. 'I felt it is important to get the message out to people that if you're running the RAIDiator firmware (prior to the current version) it's easy to attack the system. As we've found with Microsoft patches, people reverse-engineer patches to find vulnerabilities. This is the type of thing that anyone could trivially compare this firmware to the previous and see in an instant where the vulnerability is.'"
But no one told me (Score:5, Informative)
I have a ReadyNAS Pro 6
But I have not received any message from my NAS that there was a firmware update.
I get an E-Mail from my NAS everytime it runs it scrubbing. But have not received any messages about firmware updates.
I just logged in to my NAS and asked it to check for updates. And there was one.
If they want to get people to update the firmware. Then they should inform people that there is updates.