From XSS to Root on Your NAS

Home Network Attached Storage (NAS) devices are gaining in popularity because of the simplicity they offer for managing ever-growing amounts of personal data. Their functionality is extending beyond that of a data store: they are becoming the central content management system, multimedia center, network management point and even automation hub for the home and small business. The devices are accessible to local and remote users as well as to untrusted users via data shares. These capabilities expose all stored data and the device itself to outside/remote attackers. This talk will demonstrate NEON TOOL, which leverages multiple vulnerabilities to allow a remote attacker to gain root access on a popular home NAS device. The talk will cover the problems that XSS, in conjunction with other weaknesses, can create. It will address how these vulnerabilities were uncovered, possible mitigations, how to work responsibly with the vendor to ensure a timely resolution, and an investigation into the fixes employed.

Presented by