Over the last couple of months, ISE Labs has conducted a research project looking into the security of embedded devices. Our research focused on identifying vulnerabilities in network-accessible services; our goal was to identify vulnerabilities that would allow us to weaponize the device. This blog post covers some of the vulnerabilities we identified in the Lenovo ix4-300d, an enterprise Network Attached Storage (NAS) device. In this post, we will cover how we identified vulnerabilities and created a workflow that grants attackers the ability to remotely exploit this device. This blog will approach our end goal from a bottom-up perspective. First, we will figure out a way to get a shell on the device. Then, we will begin hunting down the individual pieces we will need to make it remotely exploitable. Without further ado, here is how you can stack some of the vulnerabilities we identified in the Lenovo ix4-300d to get a remotely accessible root shell.