Articles Synology and QNAP warn about bugs in their products

Synology and QNAP warn about bugs in their products

-

Companies have reported numerous critical Netatalk server vulnerabilities.

Based on a published report , multiple flaws allow remote attackers to obtain sensitive information and possibly execute arbitrary code using a vulnerable version of Synology DiskStation Manager (DSM) and Synology Router Manager (SRM)

On March 22, Netatalk developers released version 3.1.13 to fix bugs in several Synology products:

  • DSM 7.1
  • DSM7.0
  • DSM 6.2
  • VS Firmware 2.3
  • SRM 1.2

The manufacturer notified customers of three other vulnerabilities CVE-2022-23125 , CVE-2022-23122 , CVE-2022-0194 , which allows a remote attacker to run arbitrary code on target devices.

While the Netatalk development team released security patches last month to fix the flaws, Synology says some of the affected products are still “in progress”.

The company also added that the Netatalk vulnerabilities have already been patched for devices running DiskStation Manager (DSM) 7.1 or later.

The Taiwanese supplier QNAP also urged experts to disable the AFP protocol on network storage (Network Attached Storage, NAS) until the deficiencies are fixed. In addition, the company announced a fix for a vulnerability in QTS 4.5.4.2012 build 20220419 and later.

“QNAP is thoroughly investigating the identified issues. We will release security updates for all affected versions of the QNAP operating system and provide additional information as soon as possible,” the NAS manufacturer said.

Netatalk is a free and open source implementation of the Apple Filing Protocol (AFP) that allows Unix-like operating systems to be used as a file server for macOS computers.

Must read

28 dangerous extensions detected for Google Chrome and Microsoft Edge

Avast experts have discovered malware hidden in at least 28 third-party...

Critical Infrastructure Warning! Millions of PLCs, switches, IoT devices are under threat

Eleven vulnerabilities, combined under the name Urgent / 11,...

Why Is It Important To Have Intrusion Detection And Prevention ?

This article describes why detection and prevention of burglaries...

The risk is real: attacks on OT infrastructure

Previously, many believed that attacks on an isolated OT...

Gitpaste-12: Linux bot armed with a dozen exploits

Researchers at Juniper Networks have discovered a Linux scripting...

Saferwall : Open Source Malware Analysis

Saferwall is an open source malware analysis platform. It...

Network Vulnerability Assessment ? Why Should Every Company Do it at least once a Year !

Network vulnerability assessment analyzes a variety of network issues,...

Artificial Intelligence and Cyber Security

As artificial intelligence intrudes into the world of cybersecurity,...

You might also likeRELATED
Recommended to you