A vulnerability in the ReadyNAS Surveillance application can be exploited to gain root access to Netgear NAS systems, a researcher said.
ReadyNAS Surveillance is network video recording (NVR) software that installs directly to a ReadyNAS storage device and allows companies to set up a surveillance network with different types of IP cameras.
“Because the ReadyNAS Surveillance cgi_system cgi application doesn’t check the user-provided ‘bfile’ POST parameter and does not check if the user is authenticated, it’s possible to execute arbitrary commands as root,” said Sysdream Labs researcher Nicolas Chatelain, who discovered the vulnerability. “It’s also possible, without RCE, to download the ReadyNAS Surveillance configuration files.”
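The root cause described above is two missing checks in one request handler: the parameter is never validated and the caller is never authenticated. The following Python handler, added here as an illustration and not taken from the ReadyNAS Surveillance code or from Netgear, shows what the hardened form of such a download handler looks like. All names (`SESSIONS`, `handle_download`, `validate_bfile`, the `cfg.ini` sample file) are hypothetical, and the session store is constructed for the example.

```python
import re
import tempfile
from pathlib import Path

# Constructed sample session store (token -> user). Hypothetical: it stands in
# for whatever session mechanism a real CGI application would consult.
SESSIONS = {"tok-abc123": "admin"}

# Allowlist for the user-supplied file name: one path component made only of
# safe characters, so shell metacharacters and "/" never get through.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_.-]{1,64}$")


def check_auth(cookies):
    """Return the user bound to a valid session cookie, or None."""
    return SESSIONS.get(cookies.get("session", ""))


def validate_bfile(name):
    """True only for a plain, safe file name (no traversal, no metacharacters)."""
    return bool(SAFE_NAME.match(name)) and name not in (".", "..")


def handle_download(base_dir, params, cookies):
    """Hardened handler for a 'bfile' download request; returns (status, body).

    The two checks the vulnerable design skipped:
      1. authenticate before touching any user input, and
      2. strictly validate the parameter and confine it to base_dir.
    The file is read with plain file I/O, so no shell is ever involved.
    """
    if check_auth(cookies) is None:
        return 401, b"authentication required"

    name = params.get("bfile", "")
    if not validate_bfile(name):
        return 400, b"invalid bfile parameter"

    base = Path(base_dir).resolve()
    target = (base / name).resolve()
    # Defence in depth: even a validated name must resolve inside base_dir.
    if target.parent != base or not target.is_file():
        return 404, b"not found"

    return 200, target.read_bytes()


def demo():
    """Exercise the handler with constructed inputs; returns status codes."""
    good_cookie = {"session": "tok-abc123"}
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "cfg.ini").write_text("[camera]\nname=front-door\n")
        return {
            "unauthenticated": handle_download(d, {"bfile": "cfg.ini"}, {})[0],
            "traversal": handle_download(d, {"bfile": "../cfg.ini"}, good_cookie)[0],
            "metachar": handle_download(d, {"bfile": "cfg.ini;id"}, good_cookie)[0],
            "valid": handle_download(d, {"bfile": "cfg.ini"}, good_cookie)[0],
        }


if __name__ == "__main__":
    print(demo())
```

The order of the checks matters: authentication is decided before the parameter is even read, so an unauthenticated caller learns nothing about which file names are accepted, and the allowlist rejects the request before any path is built.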
Netgear acknowledged Chatelain’s discovery in January, after a few months of attempts to report it. The company first published a security advisory and offered a temporary mitigation: disabling port forwarding rules for ReadyNAS devices running the app.
Earlier this month, Netgear published a new version of the ReadyNAS Surveillance app that fixes the vulnerability. Users should update to this latest version as soon as possible.