An ASUSTOR NAS or network attached storage is “a computer appliance built from the ground up for storing and serving files. It attaches directly to a network, allowing those on the network to access and share files from a central location”. In the following advisory we will discuss a vulnerability found inside ASUSTOR NAS which lets anonymous attackers bypass authentication requirement of the product.
An independent security researcher, Ahmed Y. Elmogy, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.
ASUSTOR NAS devices running ADM version 3.0.5.RDU1 and prior