Samba vulnerability affecting NAS devices warning

You see this notification pop up:

"Samba vulnerability affecting NAS devices.
A Samba vulnerability that affects network attached storage devices allows remote attackers to execute commands on affected devices."

Why did this happen?

Trend Micro alerted you to a recently disclosed Samba vulnerability that affects many consumer Internet of Things (IoT) devices such as Network Attached Storage (NAS).

What is Samba?

Samba is a standard interoperability software suite integrated with Windows. It allows users to access files, printers, and other commonly shared resources over a network.

What is the issue?

The vulnerability allows remote attackers to execute commands on affected devices wherein Samba is installed.

Though security fixes were released in January, vendors will still release updates for their respective devices. Potential attackers may look for attached devices such as NAS devices, which are much less likely to receive regular updates.

What are its risks?

Since this vulnerability enables remote attackers to execute commands with the highest privileges on affected installations, this can be exploited by any user that has the ability to write or modify a file.

What should I do next?

The device manufacturer must schedule the availability of the fix to update NAS firmware.

Until the firmware is updated, we recommend the following:

1. Check your device manufacturer about the update availability and enable automatic updates (if applicable).

   Synology

   • How to Update Disk Station Manager

   Western Digital

   • How to Auto Update Firmware on a My Cloud
   • How to Update the Firmware on a My Book Live or My Book Live Duo

   QNAP

   • How to update your QNAP NAS’s firmware with a web browser?

   NETGEAR

   • Updating your ReadyNAS

   Seagate

   • How to check for firmware updates and update firmware
2. Make sure to properly set up your Trend Micro Home Network Security for complete home network protection.