CyberNews Briefs

Lenovo NAS Firmware Flaw Exposes Stored Data

Researchers with Vertical Structure and WhiteHat Security have discovered a critical flaw in Lenovo network-attached storage (NAS) devices that has left at least 3 million files on 5,114 storage devices exposed on the Internet.

Simon Whittaker of Vertical Structure warns that “the API is completely unauthenticated and provided the ability to list, access, and retrieve the files remotely in a trivial manner,” adding that the current issue “is similar to thousands of open [AWS] S3 [storage] buckets being discovered.” Lenovo has issued an alert over the high-severity flaw, acknowledging that it can allow threat actors to access files stored on NAS shares via the unprotected API. NAS users can resolve the issue by updating the firmware of their device.

Read more: Lenovo NAS Firmware Flaw Exposes Stored Data

OODA Analyst