Just stumbled across this (overly dramatic?) article and thought I’d just post it here…

It’s more to act as a reminder that if you’ve got a NAS that is serving content to the interwebs, then make sure it’s behind a proxy of some kind to prevent weaknesses (ie in the management Web UI) being exposed.

Obvz, this article is pointing to Zyxel, but it could be your DIY home-built NAS with Cockpit: CVE-2024-2947 - just an example, not bashing that project at all.

I’ve used Squid and HAProxy over the years (mostly on my pfSense box) - but I’d be interested to know if there’s other options that I’ve not heard of

  • SayCyberOnceMoreOP
    link
    fedilink
    English
    arrow-up
    3
    ·
    6 months ago

    Agreed.

    If the hardware’s standard, then it’s possible for people (us) to keep these things out of the ground / incinerator for a few more years, but if it’s custom / proprietary stuff, then that’s just terrible.