Vendor: SGAI
Affected products: Space1 NAS - N1211DS ≤ v1.0.915
Vendor Homepage: https://www.aigyzn.com/
Vendor contact information: https://www.aigyzn.com/contact/ - sgai@aigyzn.com
The SGAI Space1 NAS (model N1211DS, firmware version v1.0.915) contains an unauthorized information disclosure vulnerability. This vulnerability is caused by lax authentication of the GET_USER_INFO interface. By exploiting this vulnerability, sensitive information such as the owner's APP account (phone number) and password of the remote target device can be obtained, thereby enabling unauthorized management of the remote NAS device.
The vulnerability is located in the binary file gsaiagent.

This interface lacks permission verification; directly accessing it exposes the following sensitive information.

An unauthorized POST request sent to http://xxx/cgi-bin/JSONAPI with the following body:
{"cmdType":"GET_USER_INFO"}

This could reveal the following information.

The response includes the APP account (phone number) and password of the owner of the remote target NAS device, with the password displayed in plain text.
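Because the interface answers without any session, the practical detection signal for a defender is a POST to /cgi-bin/JSONAPI carrying cmdType GET_USER_INFO but no session credential. The following is an added example, not part of the advisory and not code from SGAI or gsaiagent, that runs that check over constructed sample log lines. It assumes a reverse proxy in front of the NAS logs the client IP, request line, status, Cookie header and captured POST body (a format chosen for the example), that the device session cookie is named sid (an assumption), and the GET_SYS_INFO command in the sample is constructed filler, not a documented command.

```python
import json
import re
from typing import Dict, List, Optional

# Constructed sample log lines (not real device logs). Assumed format: a reverse
# proxy in front of the NAS logs client IP, request line, status, Cookie header
# and the captured POST body, one request per line.
SAMPLE_LOG = """\
10.0.0.5 "POST /cgi-bin/JSONAPI HTTP/1.1" 200 cookie="sid=abc123" body={"cmdType":"GET_USER_INFO"}
203.0.113.7 "POST /cgi-bin/JSONAPI HTTP/1.1" 200 cookie="-" body={"cmdType":"GET_USER_INFO"}
10.0.0.5 "POST /cgi-bin/JSONAPI HTTP/1.1" 200 cookie="sid=abc123" body={"cmdType":"GET_SYS_INFO"}
198.51.100.9 "GET /index.html HTTP/1.1" 200 cookie="-" body=-
203.0.113.7 "POST /cgi-bin/JSONAPI HTTP/1.1" 200 cookie="-" body=not-json
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d+) '
    r'cookie="(?P<cookie>[^"]*)" body=(?P<body>.*)$'
)

SENSITIVE_COMMANDS = {"GET_USER_INFO"}   # the command named in the advisory
SESSION_COOKIE = "sid"                   # assumed name of the NAS session cookie


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split one log line into its fields; returns None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def is_authenticated(cookie: str) -> bool:
    """Treat a request as authenticated only if the session cookie is present."""
    return any(part.strip().startswith(SESSION_COOKIE + "=") for part in cookie.split(";"))


def command_of(body: str) -> Optional[str]:
    """Extract cmdType from a JSONAPI body; None if the body is absent or not JSON."""
    if body == "-":
        return None
    try:
        data = json.loads(body)
    except json.JSONDecodeError:
        return None
    return data.get("cmdType") if isinstance(data, dict) else None


def find_unauthenticated_user_info_requests(log_text: str) -> List[Dict[str, str]]:
    """Return the JSONAPI requests that asked for user info without a session cookie."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["path"] != "/cgi-bin/JSONAPI":
            continue
        cmd = command_of(rec["body"])
        if cmd in SENSITIVE_COMMANDS and not is_authenticated(rec["cookie"]):
            hits.append({"ip": rec["ip"], "cmdType": cmd, "status": rec["status"]})
    return hits


if __name__ == "__main__":
    for hit in find_unauthenticated_user_info_requests(SAMPLE_LOG):
        print(f"ALERT unauthenticated {hit['cmdType']} from {hit['ip']} (HTTP {hit['status']})")
```

A 200 status on an unauthenticated GET_USER_INFO request is the condition worth alerting on, since a patched device would be expected to reject the call; the same rule is simple to express in a SIEM query once the proxy logs carry the request body.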
