Vendor: SGAI
Affected products: Space1 NAS - N1211DS ≤ v1.0.915
Vendor Homepage: https://www.aigyzn.com/
Vendor contact information: https://www.aigyzn.com/contact/ - sgai@aigyzn.com
The SGAI Space1 NAS (model N1211DS, firmware version v1.0.915) contains an unauthorized information disclosure vulnerability caused by lax authentication of the GET_FACTORY_INFO interface. It allows attackers to obtain sensitive information, such as the remote target device's system password and Wi-Fi password, in plaintext. With that information, unauthorized remote attackers can log in to the remote target NAS device's backend management system.
The vulnerability is located in the binary file gsaiagent.

This interface lacks permission verification, so accessing it directly exposes the following sensitive information.

Unauthorized POST request sent to http://xxx/cgi-bin/JSONAPI:
{"cmdType":"GET_FACTORY_INFO"}
This could reveal the following information.

Using the leaked plaintext password, one can directly log in to the remote target NAS device's backend management system.
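
To check whether this request has already reached a device, defenders can hunt for it in HTTP logs. The following is an added example, not part of the original advisory or the vendor's code; it assumes a hypothetical reverse-proxy log with one JSON record per line (fields `src`, `method`, `url`, `body`) and a trusted LAN of 192.168.1.0/24, and the sample records are constructed.

```python
import ipaddress
import json
from urllib.parse import urlsplit

ENDPOINT = "/cgi-bin/JSONAPI"                 # path from the advisory
CMD = "GET_FACTORY_INFO"                      # cmdType from the advisory
LAN = ipaddress.ip_network("192.168.1.0/24")  # assumption: the trusted LAN


def find_factory_info_requests(lines):
    """Return one finding per logged POST that asks the NAS for factory info."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        try:
            rec = json.loads(line)
            # Parse the body as JSON so spacing or extra keys do not hide the command.
            body = json.loads(rec["body"])
            src = ipaddress.ip_address(rec["src"])
        except (ValueError, KeyError, TypeError):
            continue  # unparsable record or body: not a well-formed API call
        if rec.get("method") != "POST" or urlsplit(str(rec.get("url", ""))).path != ENDPOINT:
            continue
        if isinstance(body, dict) and body.get("cmdType") == CMD:
            findings.append({"line": lineno, "src": str(src), "external": src not in LAN})
    return findings


def _rec(src, method, url, body):
    return json.dumps({"src": src, "method": method, "url": url, "body": body})


# Constructed sample records in the assumed log format (not real traffic).
SAMPLE_LOG = [
    _rec("192.168.1.20", "POST", "/cgi-bin/JSONAPI", '{"cmdType":"GET_FACTORY_INFO"}'),
    _rec("203.0.113.7", "POST", "/cgi-bin/JSONAPI", '{ "cmdType" : "GET_FACTORY_INFO" }'),
    _rec("203.0.113.7", "POST", "/cgi-bin/JSONAPI", '{"cmdType":"PLACEHOLDER_OTHER_CMD"}'),
    _rec("203.0.113.7", "GET", "/cgi-bin/JSONAPI", ""),
    _rec("198.51.100.9", "POST", "/cgi-bin/JSONAPI", '{"cmdType":'),
]

if __name__ == "__main__":
    for finding in find_factory_info_requests(SAMPLE_LOG):
        print(finding)
```

Any finding marked `external` means the factory information, including the plaintext passwords, may have been returned to a host outside the LAN, so those credentials should be treated as exposed.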
