SambaCry: Unauthenticated RCE via shared library upload on writable Samba shares — EternalBlue equivalent for Linux/NAS devices. Update Samba to 4.6.4+. Set noexec on all Samba shares as compensating control. Widely exploited by Mirai variants targeting NAS devices.
Samba versions from 3.5.0 up to, but not including, 4.6.4, 4.5.10 and 4.4.14 are vulnerable to remote code execution: a malicious client can upload a shared library to a writable share and then cause the server to load and execute it. The flaw is known as SambaCry.
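The two remediation checks above, as an added Python example (not code from Samba or from this advisory): `is_affected` compares a version string against the range given here, and `shares_missing_noexec` lists writable shares whose backing mount lacks `noexec`. The function names, sample smb.conf and sample mount table are constructed for illustration; it assumes upstream version numbering (distribution packages may carry a backported fix under an older version string) and does not follow `include` directives.

```python
import re

# Fixed release per branch, from the advisory text; the samples below are constructed.
FIXED = {(4, 4): (4, 4, 14), (4, 5): (4, 5, 10), (4, 6): (4, 6, 4)}
TRUE = {"yes", "true", "1"}
SAMPLE_CONF = "[global]\nworkgroup = LAB\n[media]\npath = /srv/media\nread only = no\n[docs]\npath = /srv/docs\nwritable = yes\n[pub]\npath = /srv/pub\n"
SAMPLE_MOUNTS = "/dev/sda1 / ext4 rw,relatime 0 0\n/dev/sdb1 /srv/docs ext4 rw,noexec,nosuid 0 0\n"

def is_affected(version):
    """True if an upstream Samba version is >= 3.5.0 and below its branch's fix."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError("no x.y.z version in %r" % version)
    v = tuple(map(int, m.groups()))
    if v < (3, 5, 0):
        return False
    fixed = FIXED.get(v[:2])
    # Branches older than 4.4 have no fixed release listed; newer ones postdate the fix.
    return v < fixed if fixed else v < (4, 4, 0)

def writable_shares(conf_text):
    """Return {share: path} for smb.conf shares that are writable."""
    sections, name = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1].strip().lower()
            sections.setdefault(name, {})
        elif name and "=" in line and line[0] not in "#;":
            key, val = line.split("=", 1)
            key, val = "".join(key.split()).lower(), val.strip()
            if key in ("writable", "writeable", "writeok"):  # inverted synonyms of "read only"
                key, val = "readonly", "no" if val.lower() in TRUE else "yes"
            sections[name][key] = val
    glob = sections.get("global", {})
    return {n: p["path"] for n, p in sections.items()
            if n != "global" and "path" in p
            and {**glob, **p}.get("readonly", "yes").lower() not in TRUE}

def shares_missing_noexec(conf_text, mounts_text):
    """Writable shares whose backing mount (/proc/mounts format) lacks noexec."""
    rows = (r.split() for r in mounts_text.splitlines())
    mounts = {f[1]: f[3].split(",") for f in rows if len(f) >= 4}
    missing = []
    for share, path in writable_shares(conf_text).items():
        hits = [m for m in mounts if path == m or path.startswith(m.rstrip("/") + "/")]
        if not hits or "noexec" not in mounts[max(hits, key=len)]:
            missing.append(share)
    return sorted(missing)
```

On a live host, pass the contents of the server's smb.conf and `/proc/mounts` instead of the constructed samples.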