Companies have reported numerous critical Netatalk server vulnerabilities.
According to a published report, multiple flaws allow remote attackers to obtain sensitive information and possibly execute arbitrary code via a vulnerable version of Synology DiskStation Manager (DSM) and Synology Router Manager (SRM).
On March 22, Netatalk developers released version 3.1.13 to fix bugs in several Synology products:
- DSM 7.1
- DSM 7.0
- DSM 6.2
- VS Firmware 2.3
- SRM 1.2
The manufacturer notified customers of three other vulnerabilities, CVE-2022-23125, CVE-2022-23122 and CVE-2022-0194, which allow a remote attacker to run arbitrary code on target devices.
While the Netatalk development team released security patches last month to fix the flaws, Synology says updates for some of the affected products are still “in progress”.
The company also added that the Netatalk vulnerabilities have already been patched for devices running DiskStation Manager (DSM) 7.1 or later.
The Taiwanese supplier QNAP also urged experts to disable the AFP protocol on network-attached storage (NAS) devices until the deficiencies are fixed. In addition, the company announced a fix for a vulnerability in QTS 4.5.4.2012 build 20220419 and later.
“QNAP is thoroughly investigating the identified issues. We will release security updates for all affected versions of the QNAP operating system and provide additional information as soon as possible,” the NAS manufacturer said.
Netatalk is a free and open source implementation of the Apple Filing Protocol (AFP) that allows Unix-like operating systems to be used as a file server for macOS computers.
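As an added example (not code from Netatalk, Synology or QNAP), the script below checks whether devices you administer still expose AFP and compares any Netatalk version you have recorded against the 3.1.13 release mentioned above. The port number 548, the inventory entries and the result labels are assumptions made for illustration.

```python
import re
import socket

AFP_PORT = 548        # assumption: AFP's default TCP port (not stated in the article)
FIXED = (3, 1, 13)    # Netatalk release the article names as containing the fixes

def parse_netatalk_version(text):
    """Return (major, minor, patch) from a version string, or None if absent."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text or "")
    return tuple(int(p) for p in m.groups()) if m else None

def afp_reachable(host, port=AFP_PORT, timeout=2.0):
    """True if a TCP connection to the AFP port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def assess(afp_open, version_text):
    """Classify one device from its AFP exposure and recorded Netatalk version."""
    if not afp_open:
        return "ok"                  # AFP disabled or filtered: the advised interim state
    version = parse_netatalk_version(version_text)
    if version is None:
        return "review"              # exposed, version unknown: check the vendor advisory
    # Vendor firmware may carry fixes under its own version scheme, so the
    # Netatalk version is a hint to follow up on, not proof either way.
    # Tuples compare numerically, so 3.1.9 correctly sorts below 3.1.13.
    return "ok" if version >= FIXED else "disable-afp"

# Constructed inventory: (host, version string as an admin might have recorded it).
INVENTORY = [
    ("192.0.2.10", "afpd 3.1.12"),
    ("192.0.2.11", "afpd 3.1.13"),
    ("192.0.2.12", None),
]

if __name__ == "__main__":
    for host, version_text in INVENTORY:
        print(host, assess(afp_reachable(host), version_text))
```

Run it from the network segment you want to assess, since a device can be unreachable from one vantage point and exposed from another.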