ASUS GeForce RTX 3080 Noctua OC review
AMD Ryzen 5 5600 review
PowerColor RX 6650 XT Hellhound White review
FSP Hydro PTM Pro (1200W PSU) review
ASUS ROG Radeon RX 6750 XT STRIX review
AMD FidelityFX Super Resolution 2.0 - preview
Sapphire Radeon RX 6650 XT Nitro+ review
Sapphire Radeon RX 6950 XT Sapphire Nitro+ Pure review
Sapphire Radeon RX 6750 XT Nitro+ review
MSI Radeon RX 6950 XT Gaming X TRIO review
Netatalk flaws have been discovered by Synology and QNAP, warning issued.
Users of Synology and QNAP NAS equipment are being warned about major Netatalk vulnerabilities in their operating systems. Both firms are developing patches to address the issues.
According to Synology's website, there are various vulnerabilities in Netatalk that allow hackers to remotely "obtain sensitive information and perhaps execute arbitrary code." As a result, the vulnerabilities exist in various versions of Synology's DiskStation Manager operating system, VS Firmware 2.3, and Synology Router Manager 1.2.
Synology
Multiple vulnerabilities allow remote attackers to obtain sensitive information and possibly execute arbitrary code via a susceptible version of Synology DiskStation Manager (DSM) and Synology Router Manager (SRM).
Affected Products
| Product | Severity | Fixed Release Availability |
|---|---|---|
| DSM 7.1 | Critical | Upgrade to 7.1-42661-1 or above. |
| DSM 7.0 | Critical | Ongoing |
| DSM 6.2 | Critical | Ongoing |
| VS Firmware 2.3 | Critical | Ongoing |
| SRM 1.2 | Critical | Ongoing |
QNAP
Upon the latest release of Netatalk 3.1.13, the Netatalk development team disclosed multiple fixed vulnerabilities affecting earlier versions of the software: CVE-2021-31439, CVE-2021-31439, CVE-2022-23121, CVE-2022-23123, CVE-2022-23122, CVE-2022-23125, CVE-2022-23124, and CVE-2022-0194.
These vulnerabilities currently affect the following QNAP operating system versions:
- QTS 5.0.x and later
- QTS 4.5.4 and later
- QTS 4.3.6 and later
- QTS 4.3.4 and later
- QTS 4.3.3 and later
- QTS 4.2.6 and later
- QuTS hero h5.0.x and later
- QuTS hero h4.5.4 and later
- QuTScloud c5.0.x
We have already fixed the vulnerabilities in the following versions of QTS:
- QTS 4.5.4.2012 build 20220419 and later
QNAP is thoroughly investigating the case. We will release security updates for all affected QNAP operating system versions and provide further information as soon as possible.
Click here to post a comment for this news story on the message forum.