Netatalk flaws have been discovered by Synology and QNAP, warning issued.

Users of Synology and QNAP NAS equipment are being warned about major Netatalk vulnerabilities in their operating systems. Both firms are developing patches to address the issues.




According to Synology's website, there are various vulnerabilities in Netatalk that allow hackers to remotely "obtain sensitive information and perhaps execute arbitrary code." As a result, the vulnerabilities exist in various versions of Synology's DiskStation Manager operating system, VS Firmware 2.3, and Synology Router Manager 1.2.

Synology
Multiple vulnerabilities allow remote attackers to obtain sensitive information and possibly execute arbitrary code via a susceptible version of Synology DiskStation Manager (DSM) and Synology Router Manager (SRM).

Affected Products

ProductSeverityFixed Release Availability
DSM 7.1 Critical Upgrade to 7.1-42661-1 or above.
DSM 7.0 Critical Ongoing
DSM 6.2 Critical Ongoing
VS Firmware 2.3 Critical Ongoing
SRM 1.2 Critical Ongoing

QNAP

Upon the latest release of Netatalk 3.1.13, the Netatalk development team disclosed multiple fixed vulnerabilities affecting earlier versions of the software: CVE-2021-31439, CVE-2021-31439, CVE-2022-23121, CVE-2022-23123, CVE-2022-23122, CVE-2022-23125, CVE-2022-23124, and CVE-2022-0194.

These vulnerabilities currently affect the following QNAP operating system versions:


We have already fixed the vulnerabilities in the following versions of QTS:

QNAP is thoroughly investigating the case. We will release security updates for all affected QNAP operating system versions and provide further information as soon as possible.



Printed from: https://www.guru3d.com/story/netatalk-flaws-have-been-discovered-by-synology-and-qnapissued-a-warning/