ReadyCloud security issues

racer841
Aspirant
May 14, 2020
Hi.

Thanks for the answer, but I can't agree. I've just connected to my NAS from corporate network, where no NETGEAR home routers are in use. The connection to my NAS through readycloud.netgear.com is still insecure (http://readycloud.netgear.com).

Regarding the issue#2, no, I was not able to download files after I've disabled ReadyCLOUD on the NAS.

Regards,
Greg
- Sandshark
  Sensei
  May 14, 2020
  You misread the response. ReadyCloud is also included on some Netgear home routers, and this restriction is based on what they need to make it work. That you don't have a Netgear home router has nothing to do with it, and the rest of the response explains why you shouold have no concern.
  
  But, frankly, I don't understand why you would use ReadyCloud in that environment. It's intended as a home solution, A corporate network would more likely be using a VPN.
  - racer841
    Aspirant
    May 14, 2020
    I don't use ReadyCloud in corporate environment. RN 104 is my home NAS and I just tried to connect it from internet - in this case corporate network.
    
    So I've NAS at home, beyond two routers - one is my private orbi and the second is router from my ISP. None of routers allows any direct connection to my home network, so I think NAS connects to readycloud. Readycloud allowes authenticated user/connection to see NAS content from internet, but the connection is to readycloud, not to NAS directly. Why this internet --> readycloud connection is not secured, just as readycloud login page is?
schumaku
Guru - Experienced User
May 14, 2020
JohnCM_S wrote:
The ReadyCLOUD web portal actually runs on HTTPS, all connections from apps, portal and back-end access are on HTTPS.

The reason that you see HTTP on the web portal is for the NETGEAR home routers where they also connect to ReadyCLOUD. However, due to their specifications they usually are having a hard time maintaining HTTPS connection because of certificates being updated from time to time. So seeing the portal on HTTP is just actually for the routers to be able to use its feature but ensuring back-end and other access is secured using HTTPS and VPN connections.
This is exactly the part I never understood - and honestly, there is something essentially wrong. Had discussed this with the designer years ago before Netgear took over the ReadyNAS business ...

The data path is this:

Web Browser <-> http://readycloud.netgear.com/ <-> ReadyCloud cloud infrastructure <-http or https or much more a LeafNetworks "protected" IPv4 tunnel -> ReadyNAS or Netgear Consumer Router

Ok, to make this connection possible, the RedyNAS resp. the Netgear Router does establish a connection to the ReadyCloud cloud infrastructure using the Leaf Networks "tunnel" (yes, Jeff Capone never liked me stating it's a tunnel, but hey...) encapsulating/encrypting the Leaf Networks "borrowed" IPv4 subnet (available at the design time, now also assigned to a real Internet user) - certainly between the ReadyNAS and the ReadyCloud cloud infraructure.

The restriction of the why ever crappy code and certificate handling on the Netgear consumer routers (sigh...) apparently not able to establish a https or secured connection to the cloud infrastructure can't explain why the ReadyNAS (which apparently does based on my investigations on the Intel x64 based units - not sure of this applies to the low power RN1xx).

Let's take the long story short: This does deny using ReadyCloud - certainly the Web portal which does indeed forced to http only - usage in todays Internet world.... even shorter: It's a DEAD HORSE.

Forum Discussion

Related Content

ReadyCloud Security Flaw

R6400v2 and ReadyCLOUD issues

ReadyCloud login issue

ReadyCLOUD suspendu???

Netgear Terminating ReadyCLOUD Service

NETGEAR Academy

ProSupport for Business