Vulns out of the box: 12 in 13 small biz network devices terribly insecure by default – research

Vulns out of the box: 12 in 13 small biz network devices terribly insecure by default – research

You want root shell access? No problem


A new report has suggested that 12 out of 13 network devices, such as routers and network-attached storage appliances, are vulnerable to hacks that enable "root-privileged access without any authentication".


Security consultants ISE took a look at devices from well-known vendors including Buffalo, Synology, Zyxel, Drobo, Asus, Seagate, Lenovo, QNAP and Netgear. They were evaluated out of the box, including running setup wizards and enabling recommended security features, in order to mimic a "typical use configuration".


The news is not good. "We obtained root shells on 12 of the devices, allowing complete control over the device including 6 which can be remotely exploited without authentication," said the report.


The vulnerabilities discovered are familiar, including buffer overflow (Asus), cross-site scripting (most of them), command injection (most ..

Support the originator by clicking the read the rest link below.