IoT devices often present unique and unexpected challenges for hackers to overcome. In this blog, we provide an in-depth walkthrough of how we broke custom solutions and built exploits to remotely control the targeted device as a root user. The challenge involves reverse engineering a proprietary protocol used to issue commands and receive data to and from the Drobo NAS 5N2. The blog covers the process of identifying and exploiting CVE-2018–14708, CVE-2018–14709, and CVE-2018–14701.