I have a Netgear ReadyNAS NV+ and have loved everything about it up until now. I recently enabled password-protected FTP access to 1 share, opened a port in my firewall, and used the
feature to transfer photos from my parent's computer in Los Angeles to my NAS in Tokyo. It worked wonderfully.
Last weekend I was recabling the USB drive I use to backup the NAS. I briefly disconnected it and reconnected it. Unbeknownst to me, this action enabled public FTP access to the backup folder on my USB drive. All of my private information was fully exposed to the public Internet. The FTP access was neither password-protected nor even shown as active in the ReadyNAS's web console.
Lucky for me, I discovered the situation quickly and remedied it by disabling all FTP access and closing the port on the firewall. I scoured the NAS's FTP logs checking if anyone had downloaded my information. No one had. Whew! Close call!
I checked the ReadyNAS forums looking for anyone who had shared my experience. Not too surprisingly, someone had: http://www.readynas.com/forum/viewtopic.php?f=23&t=25808
Netgear's response was that the bug will be fixed in a future firmware revision. Well, at least they're aware of the problem. Until then I simply don't trust this feature. No more opening firewall ports for me.
Netgear's response was that the bug will be fixed in a future firmware revision. Well, at least they're aware of the problem. Until then I simply don't trust this feature. No more opening firewall ports for me.