LIVESTREAM: How We Discovered New Vulnerabilities in the Buffalo TeraStation TS5600D1206 NAS.

These vulnerabilities in this IoT device lead to authentication bypass, command injection, arbitrary file upload, and more!

ISE
Independent Security Evaluators

--

After the video, make sure to check out this related blog, which has more details on the vulns found in this device.

Abstract:

The ongoing research conducted by ISE Labs has discovered a wide range of vulnerabilities in small-office/home-office (SOHO) devices, totalling over 100 CVE-worthy vulnerabilities so far. However, discovering vulnerabilities is not the only goal of ISE Labs’ efforts. We also aim to share our findings and pass on the knowledge we have gained. That’s what this livestream is for.
We’re going to cover a few simple yet severe vulnerabilities in the Buffalo TeraStation TS5600D1206. This network-attached storage (NAS) device, aimed at small businesses, happens to have some functionalities that do their job just a little too well. We’ll cover vulnerabilities leading to authentication bypass, command injection, arbitrary file upload, etc. In doing so, we’ll go over the methods used to discover these vulnerabilities and demonstrate just how much damage an attacker could do.

Bio:

Ian Sindermann is an Associate Security Analyst at Independent Security Evaluators (ISE), where he conducts rigorous security assessments of various computer hardware and software products. With a primarily self-taught education and prior experience as a wannabe sysadmin, his background lies in web application security, IoT devices, and *NIX systems. Insatiable curiosity has led to a variety of other interests including hardware hacking, legacy systems, mainframes, and whatever tech obscurities he can get his hands on.

Follow us on Twitter for more info on this livestream @ISESecurity
