This advisory details multiple vulnerabilities in WiseGiga NAS devices, including pre- and post-authentication local file inclusion, remote command execution as root, CSRF-based RCE, information leakage, and default credentials. The analysis includes proof-of-concept examples and technical explanations of the vulnerabilities.
Classification
Writeup 100%
Attack Type
Rce | Info Leak | Auth Bypass
Target:
WiseGiga NAS devices
No auth needed
Prerequisites:
Network access to the target device