SecurityWeek

Thousands of Legacy Lenovo Storage Devices Exposed Millions of Files

Cybersecurity firms Vertical Structure and WhiteHat Security on Tuesday reported that their researchers discovered a serious vulnerability that gave remote attackers access to millions of files stored on thousands of exposed Lenovo network-attached storage (NAS) devices.

An analysis revealed that the exposed devices were discontinued Iomega/LenovoEMC storage products. Simon Whittaker, director at Vertical Structure, told SecurityWeek that a Shodan search conducted in the fall of 2018 revealed 5,114 devices storing over 3 million files. This includes roughly 20,000 documents, 13,000 spreadsheets, 13,000 text files and 405,000 pictures. Some of the files stored sensitive information, including payment card numbers and financial records.

Whittaker believes the actual number of exposed systems is likely higher as the 5,114 devices are only the ones that were identified and had some details indexed.

The vulnerability could have been exploited by a remote, unauthenticated attacker to gain access to the files stored on the devices by sending a specially crafted request via an API.

“The API is completely unauthenticated and provided the ability to list, access and retrieve the files remotely in a trivial manner. It is similar to millions of open s3 buckets being discovered,” Whittaker told SecurityWeek.

An attacker could have scanned the web for vulnerable devices and sent a malicious request to the targeted device’s IP address. However, Whittaker said an attacker could have also created a script that would automate the attack and retrieve data from all the vulnerable devices.

Vertical Structure and WhiteHat reported their findings to Lenovo, which pulled three versions of the affected software out of retirement to address the vulnerability. Lenovo, which tracks the flaw as CVE-2019-6160, published an advisory on Tuesday.

This is not the first time Lenovo has warned users about a potentially serious vulnerability affecting its discontinued Iomega and LenovoEMC NAS products. Last year, the company learned of nine weaknesses, including ones that could have been chained to completely compromise a device.

*Updated with CVE and link to Lenovo advisory

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
