NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
how to update to OS6? Is it possible?
Netgear sent me an email recommending upgrading, said: The Vulnerability: NETGEAR has become aware of the Badlock security vulnerability that causes ReadyNAS OS 6 devices to be susceptible to man-i...
Hi Bobknds,
Welcome to the community!
You should first make a backup of your data before starting the upgrade. Check this page for instructions and open the ReadyNAS forum threads for additional tips & instructions.
Kind regards,
BrianL
NETGEAR Community Team
Thank you for the Info. , if you would know, can I stay with for now with older OS and not have to worry about the email that was sent to me by netgear security?
Badlock Security Vulnerability Notification
The Vulnerability:
NETGEAR has become aware of the Badlock security vulnerability that causes ReadyNAS OS 6 devices to be susceptible to man-in-the-middle (MiTM), denial of service (DoS), and similar attacks. Our records indicate that your NETGEAR product is affected.
If you could let me know it would be greatly Appreciated and eas my concerns.
Thanks,
Bob
http://badlock.org/ has some more information on this.
OS 4.2.x is also vulnerable, as it is running Samba 3.6.25. However, the Samba Team doesn't provide fixes (even security fixes) for anything older than Samba 4.2
The risk for you depends on how you've deployed your ReadyNAS. Any attacker using these vulnerabilities has to have access to your local network.
Overall, if you want to stay up to date on security patches then you'll need to shift to OS 6. If you continue to run OS 4 systems (as I am) it's best to carefully control access from the internet.
Thanks for the info., and I do not have ftp inabled and I hope this also helps in securing the nas. I only use Netgear's remote software.
Bobknds wrote:
Thanks for the info., and I do not have ftp inabled and I hope this also helps in securing the nas.
Disabling services you don't use is always a good idea - just make sure you understand what they do first (to be certain you aren't using them).
Bobknds wrote:
I only use Netgear's remote software.
Then your internet access is already secured, since remote uses an encrypted VPN tunnel between the NAS and the remote device. If someone manages to compromise the Netgear VPN security, then someone can potentially take (or destroy) your data - but that risk has always been there.
Getting back to the posted question - it is possible to upgrade your ultra-2 to OS 6.5.1 Netgear won't support you if you do (though they still should honor any remaining warranty), and the process will destroy all data on the NAS now, so you would need to back everything up and restore it.
In your case, I'd say the benefits are likely slight. You would gain ReadyCloud, which gives you more features for than Remote. Though if you want to go for it, I'd suggest waiting a bit - recent changes to ReadyCloud have resulted in some growing pains, and it might be better to wait for things to settle down there.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
