NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

reyii's avatar
reyii
Aspirant
Jun 16, 2020

ReadyNAS RN214 Joomla cyber attack

Hello Community,

 

Is anyone getting attacked by ReadyNAS OS with this signature CVE-2015-8562 ?

 

Since I added ReadyNAS RN214 to my home network I'm getting this attacks every 10 ~mins.

Although the attack comes from ReadyNAS with a Joomla signature, I don't have Joomla installed on ReadyNAS.

 

Nortong Security Report
==============================
Category: Intrusion Prevention
6/16/2020 8:28:29 AM,

High,

An intrusion attempt by NAS was blocked.,

Blocked,

No Action Required,

Attack: Joomla Remote Code Execution CVE-2015-8562,

No Action Required,

No Action Required,

"NAS (192.168.1.20, 80)","XPS1550 (192.168.1.8, 40287)",NAS (192.168.1.20),"TCP, www-http"
Network traffic from <b></b> matches the signature of a known attack.

The attack was resulted from \DEVICE\HARDDISKVOLUME4\PROGRAM FILES (X86)\NETGEAR\REMOTE\BIN\READYDROP.EXE.

Netgear Apps & Add-ons
ReadyNAS Vault

2 Replies

Replies have been turned off for this discussion
  • StephenB's avatar
    StephenB
    Guru - Experienced User
    Jun 21, 2020

    I haven't seen it.

     

    Do you have ReadyCloud installed on the PC?  ReadyDrop was replaced by ReadyCloud. 

    • reyii's avatar
      reyii
      Aspirant
      Jun 21, 2020

      Yes, I have ReadyCLOUD.

      Maybe this is a false positive by my NortonAntivirus... I have a support ticket open with Netgear waiting for their inputs.

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More