WizCase Report: Vulnerabilities found in WD My Book, NetGear Stora, SeaGate Home, Medion LifeCloud NAS
Security Affairs
OCTOBER 20, 2018
Meaning, authentication bypasses weren’t enough. After decoding the files , most of the API endpoints and the web interface were not accessible without authentication. The daemon takes XML data, parses the request and carries out the action without any authentication, except making sure the request came from 127.0.0.1.
Let's personalize your content