The following advisory describes five (5) vulnerabilities and default accounts / passwords found in WiseGiga NAS devices.
WiseGiga is a Korean company selling NAS products.
The vulnerabilities found in WiseGiga NAS are:
- Pre-Authentication Local File Inclusion (4 different vulnerabilities)
- Post-Authentication Local File Inclusion
- Remote Command Execution as root
- Remote Command Execution as root with CSRF
- Info Leak
- Default accounts
An independent security researcher, Pierre Kim, has reported these vulnerabilities to Beyond Security’s SecuriTeam Secure Disclosure program.
We have tried to contact WiseGiga since June 2017, but repeated attempts to establish contact went unanswered. At this time there is no solution or workaround for these vulnerabilities.