× NETGEAR will be terminating ReadyCLOUD service by July 1st, 2023. For more details click here.
Orbi WiFi 7 RBE973
Reply

ReadyNAS RN214 Joomla cyber attack

reyii
Aspirant

ReadyNAS RN214 Joomla cyber attack

Hello Community,

 

Is anyone getting attacked by ReadyNAS OS with this signature CVE-2015-8562 ?

 

Since I added ReadyNAS RN214 to my home network I'm getting this attacks every 10 ~mins.

Although the attack comes from ReadyNAS with a Joomla signature, I don't have Joomla installed on ReadyNAS.

 

Nortong Security Report
==============================
Category: Intrusion Prevention
6/16/2020 8:28:29 AM,

High,

An intrusion attempt by NAS was blocked.,

Blocked,

No Action Required,

Attack: Joomla Remote Code Execution CVE-2015-8562,

No Action Required,

No Action Required,

"NAS (192.168.1.20, 80)","XPS1550 (192.168.1.8, 40287)",NAS (192.168.1.20),"TCP, www-http"
Network traffic from <b></b> matches the signature of a known attack.

The attack was resulted from \DEVICE\HARDDISKVOLUME4\PROGRAM FILES (X86)\NETGEAR\REMOTE\BIN\READYDROP.EXE.

Model: RN21400|ReadyNAS 214 Series 4- Bay (Diskless)
Message 1 of 3
StephenB
Guru

Re: ReadyNAS RN214 Joomla cyber attack

I haven't seen it.

 

Do you have ReadyCloud installed on the PC?  ReadyDrop was replaced by ReadyCloud. 

Message 2 of 3
reyii
Aspirant

Re: ReadyNAS RN214 Joomla cyber attack

Yes, I have ReadyCLOUD.

Maybe this is a false positive by my NortonAntivirus... I have a support ticket open with Netgear waiting for their inputs.

Message 3 of 3
Top Contributors
Discussion stats
  • 2 replies
  • 867 views
  • 0 kudos
  • 2 in conversation
Announcements