Orbi WiFi 7 RBE973
Reply

Re: ReadyCLOUD discover reveals more than I bargained for

aks-2
Apprentice

ReadyCLOUD discover reveals more than I bargained for

I visited ReadyCLOUD, selected 'Set up a new ReadyNAS', and was a bit surpeised to see so many devices - none of which are mine. Are these real devices of other users?

 

 

ReadyCLOUD-devices-list.PNG

 

Model: RN21400|ReadyNAS 214 Series 4- Bay (Diskless)
Message 1 of 11
aks-2
Apprentice

Re: ReadyCLOUD discover reveals more than I bargained for

I disconnected my phone from the WiFi network, so on the public carrier, and repeated the procedure. To my surprise, my serial number was discoverable publicly on ReadyCLOUD, along with my device name.

Why am I surprised? Because I do not have ReadyCLOUD enabled at this time, so why is it discoverable - seems to be a security flaw.

 

Ok that's worrying, however, clicking on 'Manage' directs to the local IP address inside my network, which of course does not resolve publicly.

 

Any thoughts?

 

Message 2 of 11
jmel
Aspirant

Re: ReadyCLOUD discover reveals more than I bargained for

Based on the slow support I've seen here in the past, I don't think they will do anything very quickly, though I'm hoping I'm proven wrong.

Message 3 of 11
schumaku
Guru

Re: ReadyCLOUD discover reveals more than I bargained for


@jmel wrote:

Based on the slow support I've seen here in the past, ....


Mind you, this is a customer community and in no aspect a formal support channel under any service level.

Message 4 of 11
StephenB
Guru

Re: ReadyCLOUD discover reveals more than I bargained for


@aks-2 wrote:

I disconnected my phone from the WiFi network, so on the public carrier, and repeated the procedure. To my surprise, my serial number was discoverable publicly on ReadyCLOUD, along with my device name.

Why am I surprised? Because I do not have ReadyCLOUD enabled at this time, so why is it discoverable - seems to be a security flaw.

 

Ok that's worrying, however, clicking on 'Manage' directs to the local IP address inside my network, which of course does not resolve publicly.

 


Tagging @DaneA to call his attention to this thread.

Message 5 of 11
jmel
Aspirant

Re: ReadyCLOUD discover reveals more than I bargained for

Fair enough - but issues like this should certainly have a better vehicle to report. Corporations have decided that making it nearly impossible to reach a person without paying  is a good idea.

Message 6 of 11
aks-2
Apprentice

Re: ReadyCLOUD discover reveals more than I bargained for

There are plenty, well a few at least, Netgear official members here too, so any response would be good, even if this is 'by design with no plan to change it', or whatever. Silence is more painful 😯.

Message 7 of 11
Hawk321
Apprentice

Re: ReadyCLOUD discover reveals more than I bargained for

Yes it’s a customer community but the software is broken in so many ways and has no features compared to other manufacturers. Sometimes I really ask myself why Iam still hurting myself with using Netgear NAS hardware since years, over 3 different models now. It seems I have a masochistic streak otherwise I would use something which is improving and not getting worse and worse.

Maybe we all have a masochistic streak ^^
Message 8 of 11
Sandshark
Sensei

Re: ReadyCLOUD discover reveals more than I bargained for

Did you complete the set-up and did your NAS then disappear from the list?  If so (and I think  it should, but I never really used ReadyCloud) then Netgear did not anticipate that so many would enable ReadyCloud and then never complete the set-up and has failed to warn users about potential consequences of doing so.  But I'm not sure that's such a really terrible consequence unless there is a way to "hijack" somebody's ReadyNAS, which you seem to have determined cannot happen without knowing the NAS name, admin password, and having access to the network on which it resides.

Message 9 of 11
aks-2
Apprentice

Re: ReadyCLOUD discover reveals more than I bargained for

This is intriguing. So, I just visited https://readycloud.netgear.com, selected add new device, NAS, and low and behold, no devices are displayed at all now. I used search, and it did show my local NAS, but surely this is now functioning entirely as we'd expect?

 

Anyone from Netgear here to confirm the behaviour has been changed?

Message 10 of 11
DEADDEADBEEF
Apprentice

Re: ReadyCLOUD discover reveals more than I bargained for

I got curious about this and looked up what actually gets called when you 'search'... If you manually go to the API address and change the callback ID you'll see other devices than your own so yeah........

 

Not that it really matter much, it doesn't provide you access - at most you'll see the hostname + internal IP which obviously won't be reachable anyways.

Message 11 of 11
Discussion stats
  • 10 replies
  • 2715 views
  • 1 kudo
  • 7 in conversation
Announcements