Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Wi-Fi Router Charts

Click for Wi-Fi Router Charts

Mesh System Charts

Click for Wi-Fi Mesh System Charts


The utilities at SmallNetbuilder's web site can generate an almost infinite variety of performance charts but to give you a head-start, I generated a few myself, with some other BYOD two-drive NAS devices. I chose the Qnap TS-209, D-Link DS-323, and ZyXEL NSA-220 with the products configured in JBOD mode. The TS-209 is a higher-end unit than the others, but I threw it in just as a relative comparison.


  • The maximum raw data rate for 100Mbps Ethernet is 12500 KBytes/sec (12.5 MBytes/sec) and 125000 KBytes/sec (125 MBytes/sec) for gigabit
  • Firmware version tested was 1.00.17
  • The Western Digital drives supplied by Trendnet were a WD800AAJS and a WD800JD
  • The full testing setup and methodology are described on this page

100 Mbps Write

Figure 18: TS-S402 100 Mbps Write

100 Mbps Read

Figure 19: TS-S402 100 Mbps Read

1000 Mbps Write

Figure 20: TS-S402 1000 Mbps Write

1000 Mbps Read

Figure 21: TS-S402 1000 Mbps Read

You can see that, overall, the Qnap TS-209 is faster than all the low-end NASes. And also in general, the S402 seems to fare poorly in writes and do somewhat better comparatively, with reads.

Under the Covers

Figure 22 shows the main board of the S402.

Main Board
Click to enlarge image

Figure 22: TS-S402 Main Board

As you can see, the main processor chip is covered, but Trendnet documents it to be a Marvell 88F5182 Orion processor. a popular NAS System-on-Chip (SoC). This SoC is an ARM-based and includes SATA support and USB 2.0 ports. The 10/100/1000 Ethernet port is via a Marvell 88E1118. As mentioned earlier, Trendnet has chosen to not enable jumbo frame support.

The S402, like most other consumer-level NASes, runs Linux. Trendnet even mentions a Linux kernel version number on its web site. But to check it out at a deeper level, I started my usual poking around.

First, I attempted to figure out a way to make the top-level directory sharable so that I could see the entire operating system structure. To do this, I intercepted the share creation arguments using argument-modifying http proxy and modified the share. This failed and thew an error. Trendnet was apparently checking the arguments on the server-side as they should be.

So, I had to turn to a different mechanism. One common flaw I find in consumer NASes is in the handling of the alert email address. All too often, whatever you pass in gets blindly sent to a script that sends out the email. To see if the TS402 was susceptible to such a hole, I modified my email address to add a command, bracketed in back-tics as shown in Figure 23. If this were accepted and passed on, my "" script would get executed when email was sent.

Hacking the alert mechanism

Figure 23: TS-S402 Hacking the alert mechanism

In my script, I first executed a simple "ps" command with the output redirected to a file to show all running processes. Then I did a recursive listing of all files on the system, once again with the output redirected to a file.

My next problem was getting the box to send email since there was no "test" button that I usually like to see. Up to now, I hadn't gotten any email so I didn't know under what circumstances email would be sent. If anything, email should be sent when a disk fails, so once again I yanked the cable from a drive. And when I went back to see if my new files had been created, voila!

From here it was a short path to take complete control of the S402. First I searched for a telnet daemon and found one in the /usr/sbin directory. Then I modified my script to fire it up, and when I yanked a drive again, I was in. (Figure 24)

Telnet Access

Figure 24: TS-S402 Telnet Access

Getting root access was as easy as issuing a su command, since the root account had no password! As I poked around I saw a number of interesting things. First, the S402 appeared to have 64 MB of RAM instead of the 32 listed on Trendnet's web site. And the Linux kernel was version instead of a 2.4.25 kernel as listed in the specs.

A list of the running processes showed an undocumented rsync backup daemon running. Rsync is a nice feature to have, but it really needs to be configured properly. A quick rsync test from my Mac showed that it would give read and write access to all the files on a share, from any box on the LAN no password required. Oops! Definitely something good to know.

More poking around showed that the iTunes support was via Firefly and that it was running a broken configuration web server on port 3600 with an admin password of 111. The UPnP A/V support was provided by uShare. Digging around the log files showed why my email alerts were failing. The following error message was found in a system log:

    <root@nas> sender rejected : 
    invalid sender domain <root@nas> sender rejected :
    invalid sender domain

Evidently Comcast, my ISP, didn't like the way the S402 was sending email (with an invalid domain name) and rejected its attempt. Poking around more showed a standard set of utilities such as Samba, busybox, boa, etc. With all of this GPL software in use, Trendnet is bound by license to priovide source code, but I could find none on either the web site or on the delivered CD. Hopefully this was an oversight by Trendnet that will be corrected soon.

Closing Thoughts

The S402 is a decent NAS with a street-price as low as $170, which is about the same price as the, Dlink DNS-323 and a bit cheaper than the $210 ZyXel NSA-220 I reviewed recently.

All three of these products are based around a similar Marvell chip and design. Feature-set wise, the S402 lacks jumbo Ethernet frame support and doesn't include a backup software package. But otherwise is similar to these other entry-level NASes.

As for build-quality, the S402 didn't seem nearly as solid as the NSA-220 and was noisier to boot. And for performance, the S402 lags a bit behind both the ZyXel and the DLink and is far behind more expensive dual-drive NASes that tend to be in the $350 neighborhood.

Although the S402 has some nice capabilities, it has bugs and little to make it stand out from the crowd. So if you're looking for a low-end, dual-drive, BYOD NAS, I'd recommend considering either the D-Link DNS-323 or ZyXel NSA-220 before the S402.

Check out the slideshow See the slideshow

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Don't Miss These

  • 1
  • 2