CVE-2013-5669 Thecus NAS Server Plain Text Administrative Password

Advisory Information

Title: Thecus NAS Server Plain Text Administrative Password

Date published: 13 January 2014

Reference: CVE-2013-5669

Advisory Summary

The Network Attached Storage (NAS) Administration Web Page for Thecus NAS Server N8800 transmits passwords in cleartext by default, which allows remote attackers to sniff the administrative password.

Vendor

Thecus <http://www.thecus.com/>

Affected Software

Thecus NAS Server N8800 Firmware 5.03.01

Description of Issue

The issue exists because by default the Thecus NAS Server N8800 sends NAS administrative authentication credentials in plaintext across the network. The credentials may be disclosed to attackers with the ability to intercept network traffic, which may enable them to gain unauthorised access to the NAS administrative interface.
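
An added illustration of the defender-side check this description implies (example code, not from the advisory or from Thecus): the script below parses captured HTTP request text and reports which password-like form fields crossed the wire without TLS. The login path, form field names and sample capture are constructed assumptions; the advisory does not describe the N8800's actual login form.

```python
"""Flag administrative credentials submitted over cleartext HTTP.

Added example, not part of the advisory or of Thecus firmware. It scans
raw HTTP request text as a network monitor would see it on the wire and
reports password-like form fields sent without TLS, returning field
names only, never the submitted values.
"""
from urllib.parse import parse_qs

# Form field names commonly used for passwords (assumption, not from the advisory)
PASSWORD_FIELDS = {"pwd", "password", "passwd", "pass"}


def parse_http_request(raw: str):
    """Split a raw HTTP/1.x request into (method, path, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers, body


def cleartext_credential_fields(raw: str, tls: bool):
    """Return names of password-like form fields in a non-TLS POST.

    `tls` records whether the capture came from a TLS-protected connection;
    on such a connection the body is not readable on the wire, so nothing
    is flagged.
    """
    if tls:
        return []
    method, _path, headers, body = parse_http_request(raw)
    if method != "POST":
        return []
    if "application/x-www-form-urlencoded" not in headers.get("content-type", ""):
        return []
    form = parse_qs(body, keep_blank_values=True)
    return sorted(f for f in form if f.lower() in PASSWORD_FIELDS)


# Constructed sample: an admin login POST as it would appear on port 80.
# The path and field names are made up for the example.
SAMPLE_LOGIN = (
    "POST /admin/login HTTP/1.1\r\n"
    "Host: nas.example.internal\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 32\r\n"
    "\r\n"
    "username=admin&pwd=NotARealPass1"
)

if __name__ == "__main__":
    print(cleartext_credential_fields(SAMPLE_LOGIN, tls=False))  # ['pwd']
```

Run against a capture from the NAS management VLAN, a non-empty result means the administrative interface is still accepting logins over plain HTTP and the firmware fix has not been applied or HTTPS has not been enforced.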

PoC

Attackers can use a browser to exploit this issue.

Fix

ThecusOS 5 (32 bit):

http://www.thecus.com/Downloads/beta/FW/Thecus_NAS_FW_beta_5.03.02.4.rom

ThecusOS 5 (64 bit):

http://www.thecus.com/Downloads/beta/FW/64_V2.04.05_build7464_FW_N2800_N4510U_N4800_N5550_N7510.rom

http://www.thecus.com/Downloads/beta/FW/64_V2.04.05_build7464_FW_N6850_N8850_N10850_N8900_N12000_N16000.rom

http://www.thecus.com/Downloads/beta/FW/64_V2.04.05_build7464_FW_N7700PROV2_N8800PROV2.rom