Abstract
Network-Attached Storage (NAS) devices are a popular way for people to store and share their photos, videos and documents. Securing these devices is essential as they can contain sensitive information and are often exposed to the Internet. Because Synology is one of the top manufacturers of NAS devices, we chose to analyze a Synology DS215j. In doing so we were able to identify a number of exploitable security flaws. In this paper, we discuss in detail the analysis performed, methodologies used, and vulnerabilities found during the summer of 2015.