Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

NAS Reviews

Under the Covers

Figure 19 shows the main board of the StorCenter.

 StorCenter main board
Click to enlarge image

Figure 19: StorCenter main board

There's not a whole lot to see, because most of the functionality is embedded in an "Orion" Media Processor SoCfrom Marvell that has little documentation available on the web. To find out more, we'll have to get to the StorCenter's command shell. Software-wise, this unit, like most NAS devices, runs Linux internally. Iomega provides GPL source code for the StorCenter on the included CD, but to really find out what's going on in the unit, I wanted to get more information.

My first attempt to get some visibility was an attempt to share the operating system directory instead of just a data partition. The normal approach I take for this "hack" is to bypass the validity checks in the share creation screen to specify a top-level directory. I started down the path of using a cgi argument-modifying HTTP proxy, but I quickly noticed that there was no validation going on. In the "Create Shared folder" screen shown back in Figure 7, there was nothing to keep me from specifying that the top-level directory "/" should be shared. Very unusual.

Once I had the root level directory shared, I could mount it using the NFS protocol and see most everything in the StorCenter's operating system, including an unused telnet daemon. When I looked around to see if I could take it a step further, I noticed that the permissions on some of the critical directories and files were wide-open. This included both the "/etc" directory and the "/etc/passwd" file. Oops.

Using this vulnerability, I was able to first create a telnet daemon startup script in the /etc directory and then edit the password file to create a root-level user. After I made these changes, I rebooted the StorCenter, fired up a telnet client, and was greeted with the display shown in Figure 20.

 Logging into the StorCenter

Figure 20: Logging into the StorCenter

Bingo! I'm in as a root-level user. I usually have to work a lot harder than this to get a command line. Anyway, this screen tells us a few things. The StorCenter is using a Linux 2.6.12 kernel, and is using busybox for utilities. Looking around a bit more revealed other common utilities such as Samba for Windows file sharing, and boa for a web server. The UpnP/AV support is courtesy of Mediatomb. The CPU embedded in the Marvell SOC is identified as an Arm 926ej , which Iomega advertises as running at 400 MHz. The Ethernet is via Marvell. Memory-wise, the StorCenter has 64 MB of RAM.

Note that to take advantage of the vulnerabilities that let met get a command shell, I had to have admin login privileges for the configuration console. However, since the StorCenter ships without an administrator password at all, and since secure HTTPS connections are not available, there is still some level of risk that a user on your local LAN could take advantage of the unit.

Conclusion

I found the StorCenter to be a decent little unit, but there wasn't a whole lot to make it stand out from the pack of comparable NAS devices. It was nice to see support for Windows, Apple, and Linux systems, and I appreciated the inclusion of backup software, but I was a bit disappointed in the way it handled and "recovered" from a mirrored disk failure. I also would like to have seen some sort of status logs and alerts for notification of problems.

As for speed, there seemed to be some issue with read performance—at least in comparison to the units I tested against.

The one thing the StorCenter does have going for it is price. You can pick up a one terabyte StorCenter at Iomega's online store for $389, which I find pretty cheap. However, if Iomega wants to really make the StorCenter stand out, they have a bit of work to do.

More NAS

Wi-Fi System Tools
Check out our Wi-Fi System Charts, Ranker and Finder!

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

Hi everyoneI've tried many things but cannot solve the problem.I have a desktop computer and bought ASUS PCE-AC88. I am living in Switzerland and usin...
Hey guys. I'm feeling pretty stupid here to even have to post this.... I would love any advice as to what I'm missing.I have a cable connection with c...
HelloI'm using a RT-AC66U and wpa2-enterprise at home. Connecting to my WLAN works fine but the certificate I get the first time is outdated and from ...
after installing download master on an external hard drive impossible to activate when I click on it wrote ''download master disabled'' I tried severa...
Thought I would mention this...It's a great package, hopefully someone picks up the baton and carries it moving forward...https://sourceforge.net/p/sh...

Don't Miss These

  • 1
  • 2
  • 3