Dark Reading reported that over 5,100 devices suffer from a firmware vulnerability that allows unauthenticated users to view and access data on the units. “The flaw, which is present in certain models of the NAS products, allows unauthenticated users to view and access data stored on the devices, and is trivially easy to exploit via the Application Programming Interface, researchers from Vertical Structure and WhiteHat Security said this week.” The impacted devices include several models of Iomega’s StorCenter and LenovoEMC’s series of NAS systems. Some models are at end-of-life and will not get any update.

Lenovo did issue an update for some models and pulled three versions of its NAS software out of retirement so users could continue to use their products while a fix was being readied. The firmware update changes the API and web interface to secure them. Users who cannot immediately update the firmware for any reason should remove any public shares and use the device only on trusted networks, Lenovo said.

Email: jsimek@senseient.com Phone: 703.359.0700

Digital Forensics/Cybersecurity/Information Technology

https://www.linkedin.com/in/johnsimek

https://amazon.com/author/johnsimek

https://senseient.com