A consideration, based on the information in this thread:
I have exposed almost 3M NASes. And there may be many more because there is no scan of the whole internet.
I know the list of their IP addresses from the Shodan report.
I can make a script in Python that will examine it all over again.
I can get the S/N, model and open ports for all the IP addresses. A really valuable CSV for a deep analysis.
I will compare this data with my DB of users/devices that I have registered for each account.
I have email addresses for them.
I have everything that I need for these steps. Almost free of charge. Need a day or two.
Since the NAS owners will usually not be skilled admins, I can offer them (the target group) a centralized download of a small .sh script that will run a deeper assessment. I can collect these verdicts in my lab. I will analyze them and create a central, segmented patch according to the problem areas.
However, I will first create a script to disable the SSDP response from the WAN (firewall rule settings). No one needs this feature for the WAN. Only allow it to run via SSH for the admin account. Done.
I don't have to be an expert in security networking for this consideration.
I can monetize this service as the most secure NAS vendor in the SOHO market by PR.
1000x better than the whole pointless circus about the DSM7.
Edit:
+ new 12ths of new IPs in the report during this weekend
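
The firewall step mentioned in the post (no SSDP responses to the WAN), as an added example that is not part of the original post and not vendor code: it assumes a generic Linux box with `iptables`, treats the RFC 1918 and link-local IPv4 ranges as "LAN", and uses the hypothetical chain name `SSDP_LOCAL_ONLY` and function names `ssdp_rules` / `ssdp_apply`. A NAS behind a router usually has a single interface, so the filter matches on source address rather than on an interface.

```shell
#!/bin/sh
# Added example: accept SSDP (UDP/1900) only from local source ranges.
# Chain name and function names are hypothetical; IPv6 (ip6tables) is not covered.

CHAIN="SSDP_LOCAL_ONLY"
# Private and link-local IPv4 ranges treated as "LAN" (assumption).
LOCAL_NETS="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 169.254.0.0/16"

# Print the iptables commands, one per line, without running them.
ssdp_rules() {
    echo "iptables -N $CHAIN"
    for net in $LOCAL_NETS; do
        # Local sources leave the chain and continue through INPUT as before.
        echo "iptables -A $CHAIN -s $net -j RETURN"
    done
    # Any other source address is treated as WAN and dropped.
    echo "iptables -A $CHAIN -j DROP"
    # Hook the chain at the top of INPUT for SSDP traffic only.
    echo "iptables -I INPUT -p udp --dport 1900 -j $CHAIN"
}

# Apply the rules (needs root). Skips the work if the chain already exists,
# so running it twice does not stack duplicate rules.
ssdp_apply() {
    if iptables -n -L "$CHAIN" >/dev/null 2>&1; then
        echo "$CHAIN already present, nothing to do"
        return 0
    fi
    # sh -e stops at the first command that fails.
    ssdp_rules | sh -e
}

# Dry run by default; pass "apply" to change the firewall.
case "${1:-}" in
    apply) ssdp_apply ;;
    *)     ssdp_rules ;;
esac
```

The dry run prints seven commands for review; rules added this way do not survive a reboot unless the platform's own firewall persistence is used.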