Beyond Binary is reporting a vulnerability affecting Seagate's Business Storage line of NAS devices and possibly other Seagate NAS products. These are fairly common devices in SOHO and even small enterprise applications.
It appears that a number of OTS components and the custom web application used in the web management interface are out of date and will permit unimpeded access to the administration functions of the device. It is believed that versions of the firmware up to and including 2014.00319 are vulnerable.
It is hoped that if you have one of these devices in your network, you do not have the administration interface accessible on the Internet. If you do, you will want to remove it. You can be sure that the bad guys have started scanning for these devices. At this point no updated firmware is available to resolve this issue.
— Rick Wanner MSISE – rwanner at isc dot sans dot edu – http://namedeplume.blogspot.com/ – Twitter: namedeplume (Protected)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.