As you could have read in my previous post, I have found many vulnerabilities in the Seagate BlackArmor NAS 220 web interface.

The Seagate NAS could already be rooted by uploading a modified firmware, however, that would void the warranty.

This exploit is written in PHP and only attacks the web interface and does not modify the firmware, therefor you will not void your warranty.

The exploit works both locally and remotely – that if the BlackArmor is either connected directly to the internet or all required ports are forwarded to the BlackArmor.

I will not publish the exploit just yet! I would like to give Seagate another chance to release a fixed firmware for all the vulnerabilities. If they still decide not to respond to my e-mail, I will release the exploit to the public by the beginning of next year.

 
Update: The root exploit has been released and can be found here.

Share on Facebook1Share on Google+0Tweet about this on TwitterShare on LinkedIn1Email this to someonePin on Pinterest0Share on Reddit0Digg thisShare on Tumblr0Share on Yummly0Share on StumbleUpon0Flattr the author