SGAI Space1 NAS N1211DS Credentials Storage Vulnerability in gsaiagent Component

A vulnerability exists in the SGAI Space1 NAS model N1211DS, affecting versions through 1.0.915. The issue arises in the gsaiagent component, specifically within the /cgi-bin/JSONAPI file, where the GET_FACTORY_INFO and GET_USER_INFO functions improperly handle authentication. This flaw allows for unauthorized access to sensitive information, including plaintext system and Wi-Fi passwords, as well as APP account details such as phone numbers. The vulnerability can be exploited remotely, and a public proof-of-concept exploit is available.

Impact

Exploitation of this vulnerability leads to unauthorized access to stored credentials, including system passwords and Wi-Fi passwords in plaintext, which could allow an attacker to log into the NAS device's backend management system. Additionally, according to a VulDB entry, this vulnerability is classified as problematic, with a CVSSv3 base score of 4.3.