Published: 2017/11/30  Last Updated: 2017/11/30

Information from Princeton Ltd.

Vulnerability ID:JVN#98295787
Title:Multiple vulnerabilities in Wireless mobile storage "Digizo ShAirDisk" PTW-WMS1
Status:Vulnerable

This is a statement from the vendor itself with no modification by JPCERT/CC.

・Depending on the specifications of the product, the http port access from the RJ45 port side was closed because it was designed to be able to read and write files using the browser (http).                
・In order to prevent reboot due to buffer overflow caused by Dos attack, http port access from RJ45 port side was closed.
・Someone intruded from the RJ45 port side, closed http port access to prevent cgi file being created / executed by http command, telenet daemon being started, and being able to log in to telenet without authentication.              
・Because the telnet password could be easily assumed, we closed the telnet port access from the RJ45 port side.