DisguiseDelimit: Rapid7 talks NAS exploitation at DEF CON 33

Last updated on Sep 11, 2025

Network Attached Storage (NAS) devices are indispensable in many corporate and home environments. These devices often live on the network edge, providing convenient remote access to confidential files and internal networks from the public internet. What happens when this goes terribly wrong?

At DEF CON 33, Rapid7 Labs answered this question by presenting an exciting piece of research on the main stage. For the first time in public, Staff Security Researcher Ryan Emmons shared the details of a critical Synology NAS vulnerability he uncovered and exploited at the Pwn2Own Ireland competition. At the time of discovery, the exploit facilitated unauthenticated root-level remote code execution on millions of NAS devices in the default configuration.

In tandem with this presentation, Rapid7 Labs has published a whitepaper that outlines a novel remote Linux exploitation technique. This technique was developed to address the absence of existing alternatives, and it can be used in other researchers’ exploit chains in the future. For those who were unable to make it to DEF CON 33, this whitepaper shares all of the key technical details of the exploitation strategy and original research.

Download the full whitepaper here: Exploiting Synology NAS with Delimiters and Novel Tricks
