Your NAS Is Not Your NAS!
NAS (Network Attached Storage) is dedicated data storage that lets users access data and share files directly over the network. In recent years, with the popularity of the Internet, more data needs to be stored and backed up than ever before. NAS has grown dramatically in popularity and is even more common within enterprises, which makes NAS security all the more important.
Nowadays, NAS devices provide different transmission protocols such as SMB/AFP so that users of different operating systems can access them, and their functions are becoming more and more diversified. Vendors often implement these services, such as the SMB and AFP protocols, by modifying open source projects. But when vendors use this software, have they really examined whether it is secure?
This session will reveal for the first time the open source vulnerability exploited in Pwn2Own 2020 Mobile and introduce how the vulnerability is exploited to achieve pre-auth root RCE. The session will also analyze the impact of the vulnerability on the mainstream NAS products on the market today.