Netatalk flaws have been discovered by Synology and QNAP, warning issued.

Published by


Users of Synology and QNAP NAS equipment are being warned about major Netatalk vulnerabilities in their operating systems. Both firms are developing patches to address the issues.

According to Synology's website, there are various vulnerabilities in Netatalk that allow hackers to remotely "obtain sensitive information and perhaps execute arbitrary code." As a result, the vulnerabilities exist in various versions of Synology's DiskStation Manager operating system, VS Firmware 2.3, and Synology Router Manager 1.2.

Multiple vulnerabilities allow remote attackers to obtain sensitive information and possibly execute arbitrary code via a susceptible version of Synology DiskStation Manager (DSM) and Synology Router Manager (SRM).

Affected Products

ProductSeverityFixed Release Availability
DSM 7.1 Critical Upgrade to 7.1-42661-1 or above.
DSM 7.0 Critical Ongoing
DSM 6.2 Critical Ongoing
VS Firmware 2.3 Critical Ongoing
SRM 1.2 Critical Ongoing


Upon the latest release of Netatalk 3.1.13, the Netatalk development team disclosed multiple fixed vulnerabilities affecting earlier versions of the software: CVE-2021-31439, CVE-2021-31439, CVE-2022-23121, CVE-2022-23123, CVE-2022-23122, CVE-2022-23125, CVE-2022-23124, and CVE-2022-0194.

These vulnerabilities currently affect the following QNAP operating system versions:

  • QTS 5.0.x and later
  • QTS 4.5.4 and later
  • QTS 4.3.6 and later
  • QTS 4.3.4 and later
  • QTS 4.3.3 and later
  • QTS 4.2.6 and later
  • QuTS hero h5.0.x and later
  • QuTS hero h4.5.4 and later
  • QuTScloud c5.0.x

We have already fixed the vulnerabilities in the following versions of QTS:

  • QTS build 20220419 and later

QNAP is thoroughly investigating the case. We will release security updates for all affected QNAP operating system versions and provide further information as soon as possible.

Share this content
Twitter Facebook Reddit WhatsApp Email Print