Beyond Binary has published a 0day report that affects NAS devices from Seagate. The vulnerability allows unauthenticated attackers to perform remote code execution, provided that they are located in the same network segment as the device. Data from Shodan shows that this vulnerability affects to at least 2,500 devices. According to Beyond Binary, the vulnerability was reported to Seagate, and has been published after the 100 days period initially established for public disclosure.
Seagate acknowledges NAS 0-day, announces patch for May.