...stuff I do and things I like...

Tuesday, March 18 2008

RaidSonic NAS-4220 telnet root login without password

Another bug I found in the software of the NAS-4220-B is that you can use telnet to log in to the NAS-4220-B as root without being asked for a password. This is possible right after boot of the device. The problem seems to originate from the fact that the software puts together the filesystem in RAM during boot. The actual bug is that telnetd is started before /etc/passwd is populated with a root account that has a password set.
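
A boot-order guard for the race described above, as an added example that is not part of the original post or of RaidSonic's firmware: it holds back a login service until root's entry exists with a non-empty password field. The function names, the `PASSWD_FILE`, `SHADOW_FILE` and `POLL_SECS` variables, the shadow file location and the availability of `awk` on the device are assumptions.

```shell
#!/bin/sh
# Added example (not RaidSonic's init code): hold back a login service until
# root's entry exists and has a non-empty password field.
PASSWD_FILE=${PASSWD_FILE:-/etc/passwd}
SHADOW_FILE=${SHADOW_FILE:-/etc/shadow}   # assumed location, used only for "x"

# Print the password field (2nd column) of USER in FILE.
# Fails if the file is unreadable or has no entry for USER.
account_pw_field() {
    [ -r "$1" ] || return 2
    awk -F: -v u="$2" '$1 == u { print $2; found = 1; exit }
                       END { exit !found }' "$1"
}

# Succeed only when login for USER (default root) is gated: the entry exists
# and its password field is not empty. "x" defers to the shadow file.
root_login_gated() {
    user=${3:-root}
    field=$(account_pw_field "$1" "$user") || return 1   # not populated yet
    if [ "$field" = "x" ]; then
        field=$(account_pw_field "$2" "$user") || return 1
    fi
    # An empty field means login without a password. A hash, or a lock
    # marker such as "*" or "!", means the account is not wide open.
    [ -n "$field" ]
}

# Poll up to TRIES times, then run the given command (e.g. the telnet
# daemon) only once the check passes. Refuses to start it otherwise.
start_when_gated() {
    tries=$1; shift
    while [ "$tries" -gt 0 ]; do
        if root_login_gated "$PASSWD_FILE" "$SHADOW_FILE"; then
            "$@"
            return
        fi
        tries=$((tries - 1))
        sleep "${POLL_SECS:-1}"
    done
    echo "not starting $1: root has no password set" >&2
    return 1
}
```

In an init script the daemon would be launched through `start_when_gated` instead of directly, so a half-built `/etc/passwd` delays the service rather than exposing it.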

[1] raidsonic nas4220 disk crypt key leak