Synology and QNAP warn of critical Netatalk vulnerabilities

Synology and QNAP are warning users of critical Netatalk vulnerabilities in the operating systems for their NAS devices. Both companies are working on updates to fix the vulnerabilities.

Synology writes on its website that there are multiple vulnerabilities in Netatalk that allow remote attackers to “gain sensitive information and potentially execute arbitrary code.” The vulnerabilities are present in several versions of Synology’s DiskStation Manager operating system, as well as in VS Firmware 2.3 and Synology Router Manager 1.2.

Netatalk is an open source implementation of the Apple Filing Protocol. It lets Unix-like systems act as an AppleShare server that macOS computers can access. The security vulnerabilities have been fixed in Netatalk version 3.1.13, and Synology is currently working on updates to bring this patch to vulnerable NAS systems. The company has already updated DSM 7.1. Patches for the other versions are currently being worked on, the company says.

QNAP reported earlier this week that several versions of its QTS software are vulnerable to the Netatalk security flaws. This also applies to certain versions of QuTS hero and QuTScloud c5.0. The company has already updated QTS 4.5.4 and is also working on patches for “all affected QNAP OS versions”. The company says it will provide more information as soon as possible. In the meantime, users can disable the Apple Filing Protocol on their NAS, says QNAP.

Vulnerable versions, by NAS manufacturer

Synology:
- DSM 7.1
- DSM 7.0
- DSM 6.2
- VS Firmware 2.3
- SRM 1.2

QNAP:
- QTS 5.0.x or newer
- QTS 4.5.4 or newer
- QTS 4.3.6 or later
- QTS 4.3.4 or newer
- QTS 4.3.3 or later
- QTS 4.2.6 or later
- QuTS hero h5.0.x or newer
- QuTS hero h4.5.4 or newer
- QuTScloud c5.0.x

Released patches (April 28, 2022)

Synology:
- DSM 7.1 (7.1-42661-1 or newer)

QNAP:
- QTS 4.5.4 (4.5.4.2012 build 20220419 or newer)