ReadyNAS RN214 Joomla cyber attack

reyii · ‎2020-06-16

Hello Community,

Is anyone getting attacked by ReadyNAS OS with this signature CVE-2015-8562 ?

Since I added ReadyNAS RN214 to my home network I'm getting this attacks every 10 ~mins.

Although the attack comes from ReadyNAS with a Joomla signature, I don't have Joomla installed on ReadyNAS.

Nortong Security Report
==============================
Category: Intrusion Prevention
6/16/2020 8:28:29 AM,

High,

An intrusion attempt by NAS was blocked.,

Blocked,

No Action Required,

Attack: Joomla Remote Code Execution CVE-2015-8562,

No Action Required,

"NAS (192.168.1.20, 80)","XPS1550 (192.168.1.8, 40287)",NAS (192.168.1.20),"TCP, www-http"
Network traffic from <b></b> matches the signature of a known attack.

The attack was resulted from \DEVICE\HARDDISKVOLUME4\PROGRAM FILES (X86)\NETGEAR\REMOTE\BIN\READYDROP.EXE.

My Setup (Cable 600/20) >> CM1150V >> BR500 >> GC108P >> WAC505

StephenB · ‎2020-06-21

I haven't seen it.

Do you have ReadyCloud installed on the PC? ReadyDrop was replaced by ReadyCloud.

reyii · ‎2020-06-21

Yes, I have ReadyCLOUD.

Maybe this is a false positive by my NortonAntivirus... I have a support ticket open with Netgear waiting for their inputs.

My Setup (Cable 600/20) >> CM1150V >> BR500 >> GC108P >> WAC505

ReadyNAS RN214 Joomla cyber attack

ReadyNAS RN214 Joomla cyber attack

Re: ReadyNAS RN214 Joomla cyber attack

Re: ReadyNAS RN214 Joomla cyber attack