The ongoing research conducted by ISE Labs has discovered a wide range of vulnerabilities in small-office/home-office (SOHO) devices, totalling over 100 CVE-worthy vulnerabilities so far. However, discovering vulnerabilities is not the only goal of ISE Labs’ efforts — We also aim to share our findings and pass on the knowledge we have gained. That’s what this livestream is for.
We’re going to cover a few simple yet severe vulnerabilities in the Buffalo TeraStation TS5600D1206. This network attached storage (NAS) dvice, aimed at small businesses, happens to have some functionalities that do their job just a little too well. We’ll cover vulnerabilities leading to authentication bypass, command injection, arbitrary file upload, etc. In doing so, we’ll go over the methods used to discover these vulnerabilities and demonstrate just how much damage an attacker could do.