Menu
A+ A A-

Netgear ReadyNAS - Disturbing FTP Bug

Netgear ReadyNAS NV+
I have a Netgear ReadyNAS NV+ and have loved everything about it up until now.  I recently enabled password-protected FTP access to 1 share, opened a port in my firewall, and used the

feature to transfer photos from my parent's computer in Los Angeles to my NAS in Tokyo.  It worked wonderfully.

Last weekend I was recabling the USB drive I use to backup the NAS.  I briefly disconnected it and reconnected it.  Unbeknownst to me, this action enabled public FTP access to the backup folder on my USB drive.  All of my private information was fully exposed to the public Internet.  The FTP access was neither password-protected nor even shown as active in the ReadyNAS's web console.
 
Lucky for me, I discovered the situation quickly and remedied it by disabling all FTP access and closing the port on the firewall.  I scoured the NAS's FTP logs checking if anyone had downloaded my information.  No one had.  Whew!  Close call!
 
I checked the ReadyNAS forums looking for anyone who had shared my experience.  Not too surprisingly, someone had: http://www.readynas.com/forum/viewtopic.php?f=23&t=25808

Netgear's response was that the bug will be fixed in a future firmware revision.  Well, at least they're aware of the problem.  Until then I simply don't trust this feature.  No more opening firewall ports for me.

Post comment as a guest

0 Character restriction
Your text should be more than 10 characters
  • Guest - andy minto

    Hi all,
    I believe this bug still exists. I am running a Readynas NV+ V2 (RND4000 200EUS) and Firmware RAIDiator 5.3.9. If I enable FTP access the USB drives become visible to everyone and the permission restrictions are totally ignored. Has anyone else found this?

    from United Kingdom