Synology and QNAP warn of critical Netatalk vulnerabilities
Synology and QNAP are warning users of critical Netatalk vulnerabilities in the operating systems for their NAS devices. Both companies are working on updates to fix the vulnerabilities.
Synology writes on its website That there are multiple vulnerabilities in Netatalk, allowing remote hackers to “gain sensitive information and potentially execute arbitrary code.” The vulnerabilities are therefore in different versions of Synology’s DiskStation Manager operating system, VS Firmware 2.3 and Synology Router Manager 1.2.
Netatalk is an open source implementation of Apple Filing Protocol, which allows Unix-like systems to function as an AppleShare server, which can be accessed by macOS computers. The security vulnerabilities have been fixed in Netatalk version 3.1.13 and Synology is currently working on updates to implement this patch on vulnerable NAS systems. The company has already updated DSM 7.1. Patches for the other versions are currently being worked on, the company says.
QNAP reported earlier this week that several versions of its QTS software are vulnerable to the Netatalk security flaws. This also applies to certain versions of QuTS hero and QuTScloud c5.0. The company has already updated QTS 4.5.4 and is also working on patches for “all affected QNAP OS versions”. The company says it will provide more information as soon as possible. In the meantime, users can disable the Apple Filing Protocol on their NAS, says QNAP.
Nas manufacturer | Synology | QNAP |
Vulnerable | DSM 7.1 DSM 7.0 DSM 6.2 USA Firmware 2.3 SRM 1.2 |
QTS 5.0.x or newer QTS 4.5.4 or newer QTS 4.3.6 or later QTS 4.3.4 or newer QTS 4.3.3 or later QTS 4.2.6 or later QuTS hero h5.0.x or newer QuTS hero h4.5.4 or newer QuTScloud c5.0.x |
Released patches (April 28, 2022) |
DSM 7.1 (7.1-42661-1 or newer) |
QTS 4.5.4 (4.5.4.2012 build 20220419 or newer) |