Home » Technology » Synology and QNAP warn of critical Netatalk vulnerabilities – Computer – News

Synology and QNAP warn of critical Netatalk vulnerabilities – Computer – News

Synology and QNAP warn users of critical Netatalk vulnerabilities in the operating systems for their NAS devices. Both companies are working on updates to fix the vulnerabilities.

Synology writes on its website That there are multiple vulnerabilities in Netatalk, allowing remote hackers to “gain sensitive information and potentially execute arbitrary code.” The vulnerabilities are therefore in different versions of Synology’s DiskStation Manager operating system, VS Firmware 2.3 and Synology Router Manager 1.2.

Netatalk is an open source implementation of Apple Filing Protocol, which allows Unix-like systems to function as an AppleShare server, which can be accessed by macOS computers. The security vulnerabilities have been fixed in Netatalk version 3.1.13 and Synology is currently working on updates to implement this patch on vulnerable NAS systems. The company has already updated DSM 7.1. Patches for the other versions are currently being worked on, the company says.

QNAP reported earlier this week that several versions of its QTS software are vulnerable to the Netatalk security flaws. This also applies to certain versions of QuTS hero and QuTScloud c5.0. The company has already updated QTS 4.5.4 and the company is also working on patches for “all affected QNAP OS versions”. The company says it will provide more information as soon as possible. In the meantime, users can disable the Apple Filing Protocol on their NAS, QNAP says.

Nas manufacturer Synology QNAP
Vulnerable DSM 7.1
DSM 7.0
DSM 6.2
VS Firmware 2.3
SRM 1.2
QTS 5.0.x of nieuwer
QTS 4.5.4 or newer
QTS 4.3.6 or later
QTS 4.3.4 or newer
QTS 4.3.3 or later
QTS 4.2.6 or later
QuTS hero h5.0.x of nieuwer
QuTS hero h4.5.4 of nieuwer
QuTScloud c5.0.x
Released patches
(28 april 2022)
DSM 7.1
(7.1-42661-1
or newer)
QTS 4.5.4
(4.5.4.2012 build 20220419
or newer)

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.