ASUSTOR has just published a notice informing customers of a severe vulnerability in Surveillance Center, an app in the ASUSTOR app store, that exposes them to potential attackers gaining elevated privileges in ADM, ASUSTOR’s NAS OS, on affected products. The update fixes the underlying vulnerability. ASUSTOR strongly urges all users of Surveillance Center for ADM to install the latest version as soon as possible to protect themselves and to minimize the risk of malware infection. ASUSTOR also recommends taking additional security measures to guard against the potential harms of malware, in accordance with previously announced protective measures.
ASUSTOR strongly recommends taking the following actions to ensure your data is secure:
- Change your password.
- Use a strong password.
- Change default HTTP and HTTPS ports. Default ports are 8000 and 8001 respectively.
- Turn off Terminal/SSH and SFTP services and other services you do not use.
- Make regular backups and ensure backups are up to date.
- Turn on and update snapshots if available.
- Enable the AbuseIPDB risk detection greylist.
Because the vulnerability is in an app, it applies to every product that can use the app, which is apparently the entire product line, so all products could be affected. Users are strongly urged to update the app and follow the additional hardening recommendations above.