Under The Covers

Figure 16 shows the motherboard of the 150d.

Figure 16: Main Board

Iomega specifies the processor of the 150d as a Freescale 8347 running at 400MHz with 128MB of RAM, using a Vitesse 8201 chip for Ethernet. SATA support is provided by a Silicon Image 3114 chip, and USB support by an SMSC 2504 controller.

Internally, Iomega states that the box runs a Linux 2.6.13 kernel, and it also provides the GPL source code on the installation CD. But I wanted to poke around a bit to see how the box was organized internally, so I started looking for a way to get visibility into the operating system.

When creating a network share, the user interface limited me to choosing data directories only, not operating system directories. But like many of these products, the 150d used the flawed strategy of enforcing that limit with JavaScript in the browser, where the user controls what actually gets sent.

To bypass this, I pointed my browser at my own HTTP proxy, which let me edit every parameter before it reached the box. Using this technique, I specified the directory shown in Figure 17, which exported the very top level of the operating system directory tree.

Figure 17: Hacked Share Name
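The fix for this class of problem is to repeat the check on the server, where a proxy cannot reach it. The following is an added example, not code from Iomega's firmware: it models a server-side handler that accepts a share directory only if it resolves to a location under a configured data root, so a rewritten parameter such as "/" or "../../etc" is refused. The data root and the sample requests are constructed for the demonstration.

```python
"""Server-side validation of a share-directory form parameter.

Added example, not Iomega's code. The browser-side JavaScript is ignored
entirely; whatever arrives in the request is validated here.
"""
import posixpath
from typing import Optional, Tuple

DATA_ROOT = "/mnt/data"   # assumed location of user data on the NAS


def resolve_share_path(requested: str, data_root: str = DATA_ROOT) -> Optional[str]:
    """Return the canonical path for a requested share, or None if rejected.

    Relative names are taken relative to data_root; absolute paths are
    allowed only if they already lie under data_root. After normalisation
    the result must be the root itself or sit strictly below it, which also
    defeats the classic prefix bug where "/mnt/data2" passes a check for
    "/mnt/data".
    """
    if not requested or "\x00" in requested:
        return None
    root = posixpath.normpath(data_root)
    if posixpath.isabs(requested):
        candidate = posixpath.normpath(requested)
    else:
        candidate = posixpath.normpath(posixpath.join(root, requested))
    # On a live system, also pass `candidate` through os.path.realpath()
    # so that a symlink inside the data root cannot point outside it.
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate


def handle_share_request(form: dict) -> Tuple[str, str]:
    """Mimic the form handler: ("ok", path) or ("error", reason)."""
    path = resolve_share_path(form.get("directory", ""))
    if path is None:
        return ("error", "share directory must lie under the data area")
    return ("ok", path)


if __name__ == "__main__":
    # Constructed requests: a normal one and ones a proxy might rewrite.
    for directory in ["public", "/mnt/data/public", "/", "/etc", "../../etc", "/mnt/data2"]:
        print(f"{directory!r:20} -> {handle_share_request({'directory': directory})}")
```

The key design choice is that the check is on the canonical path after normalisation, not on the raw string, so the rejection does not depend on spotting particular sequences like "..".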

Now I could mount this new share and roam around the operating system tree, viewing boot scripts, binaries, the password file, etc. This showed me typical components such as BusyBox for utilities, Samba for Windows file sharing, vsftpd for FTP support, etc. But I wasn't able to view everything, because I only had the privileges of a standard user.

To elevate my privileges, I needed to look further. Another common error developers make is insufficient validation of data entered into a form. Iomega made this mistake when processing the input entered into the Email Alert form. I found that by using backticks I could embed an arbitrary command in the email address, and Iomega would dutifully pass it on to a command shell. Also, when I executed a command to list all of the running processes, I found that my command was executing as the "root" user, another "No-No" for developers (Figure 18).

Figure 18: Running my command as root

Game over. Now I could change the password file to give my user root privileges, execute my own scripts, edit any file, etc. Note that in order to do what I did, I needed to have the administrator password to start with, so this is not a wide-open vulnerability. But also remember that administration has to be done over an unencrypted HTTP connection instead of a secure HTTPS connection, so the administrator password could be exposed to a determined user on the local network.
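Two independent defences would each have stopped the Email Alert problem described above: an allowlist check on the address, and invoking the mailer with an argument vector instead of a shell command line, so that shell metacharacters are never interpreted. The block below is an added example, not Iomega's firmware code; the mailer command, its flags and the sample addresses are assumptions made for the demonstration. It keeps the unsafe string-building pattern alongside the hardened version, and uses the Python interpreter as a stand-in child process to show that an argv element reaches the child byte for byte.

```python
"""Hardened handling of the Email Alert address field.

Added example, not Iomega's code. Shows the unsafe pattern (field
interpolated into a shell command line) next to two defences: a strict
allowlist on the field, and a no-shell argument vector for the mailer.
"""
import re
import subprocess
import sys
from typing import List, Optional

# Constructed sample inputs: a legitimate address and one carrying a
# shell substitution of the kind the article describes.
GOOD_ADDR = "admin@example.com"
BAD_ADDR = "admin@example.com`id`"

# Conservative allowlist for a notification address: local part, '@', and a
# dotted host name. Narrower than RFC 5322 on purpose; it excludes every
# shell metacharacter (backtick, $, ;, |, &, quotes, whitespace).
_ADDR_RE = re.compile(r"^[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")


def is_valid_address(addr: str) -> bool:
    return bool(_ADDR_RE.fullmatch(addr))


def unsafe_command(addr: str) -> str:
    """The pattern the article describes: the field is pasted into a shell
    command line. Returned as a string only; this example never runs it.
    The mailer invocation is an assumption, not the firmware's actual command."""
    return "mail -s 'StorCenter alert' " + addr + " < /tmp/alert.txt"


def build_mail_argv(addr: str) -> Optional[List[str]]:
    """Validate the address, then build an argument vector for the mailer.

    With an argv list and shell=False (subprocess.run's default), each
    element is handed to the program verbatim; a backtick in addr is just a
    character in one argument. Returns None if the address fails the allowlist.
    """
    if not is_valid_address(addr):
        return None
    return ["mail", "-s", "StorCenter alert", addr]  # assumed mailer invocation


def send_alert(addr: str, body: str) -> bool:
    """Send an alert only for an allowlisted address, without a shell."""
    argv = build_mail_argv(addr)
    if argv is None:
        return False
    subprocess.run(argv, input=body.encode(), check=True)
    return True


def argv_passes_literally(value: str) -> str:
    """Show that an argv element reaches the child unchanged: no shell ever
    sees it, so `id` is not substituted. The Python interpreter stands in
    for the mailer so the demonstration runs anywhere."""
    out = subprocess.run(
        [sys.executable, "-c", "import sys; sys.stdout.write(sys.argv[1])", value],
        capture_output=True, check=True, text=True,
    )
    return out.stdout


if __name__ == "__main__":
    print("unsafe command line:", unsafe_command(BAD_ADDR))
    print("allowlist accepts good address:", is_valid_address(GOOD_ADDR))
    print("allowlist rejects bad address:  ", not is_valid_address(BAD_ADDR))
    print("child received literally:", argv_passes_literally(BAD_ADDR) == BAD_ADDR)
```

Note that the page's third finding, the command running as root, is addressed by neither defence; the web process itself should run as an unprivileged account so that a future injection lands in a shell with no more rights than a standard user.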

Conclusion

I found the 150d to be a powerful NAS, with decent performance. The user interface is well designed and the RAID modes provide a measure of protection against disk failure. The USB ports give the ability to expand storage and also to share a printer to the network.

This feature set is fairly complete—as long as you're not looking for media serving—but not as extensive as some competing products such as the Infrant ReadyNAS NV. The fact that it supports Linux, Apple and Microsoft network file systems is a plus, as is its Active Directory support.

The hot-swap feature was nice as well, making it easy to plug and unplug disks while the NAS was up and running. But I would have liked to see logging, a lower noise level, and the ability to update firmware from my Mac.

Overall, I would recommend the 150d if you're a small business administrator looking for a cost-effective way to add controlled storage to a heterogeneous network.
