Brian Chapados and Felix Domke have reported a weakness in Infrant ReadyNAS devices, which can be exploited by malicious people to bypass certain security restrictions.
The problem is that the device includes an SSH daemon that cannot be disabled and that the password for the SSH root account on the device is generated using certain device-specific values (e.g. MAC address, serial number, version number) and cannot be changed permanently. This can potentially be exploited to generate the SSH root password and gain access to the target device.
The weakness is reported in ReadyNAS devices with RAIDiator 3.01c1-p1, 3.01c1-p6. Other versions may also be affected.
Solution: The vendor has provided the ToggleSSH add-on to disable/enable SSH on the device and has released RAIDiator 4.00b2-p2-T1 beta version, which has SSH disabled by default.
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org