Friday, February 3, 2023
  • Events
  • Interviews
  • Jobs
  • Opinion
  • Whitepapers
  • Glossary
  • Community Forum
  • Web Hosting Directory
  • Login
  • Register
Cloud7 News
  • Cloud Computing
  • Web Hosting
  • Data Center
  • Linux
  • Cybersecurity
  • More
    • Network/Internet
    • Windows
    • Software
    • Hardware
    • Blockchain
    • Policy/Legislation
    • How-Tos
    • Troubleshooting
No Result
View All Result
Cloud7 News
  • Cloud Computing
  • Web Hosting
  • Data Center
  • Linux
  • Cybersecurity
  • More
    • Network/Internet
    • Windows
    • Software
    • Hardware
    • Blockchain
    • Policy/Legislation
    • How-Tos
    • Troubleshooting
No Result
View All Result
Cloud7 News
No Result
View All Result

Home > Cybersecurity > Synology NAS devices are critically vulnerable

Synology NAS devices are critically vulnerable

Synology has made a warning regarding multiple critical Netatalk vulnerabilities on their NAS devices.


Rusen Gobel Rusen Gobel
April 29, 2022
2 min read
Synology NAS devices are critically vulnerable

The network-attached storage company Synology has warned its customers of the security flaws existing in the Netatalk protocol. The Netatalk protocol is being used to imitate AppleShare file servers for macOS client devices by running *NIX/*BSD. The vulnerabilities were first discovered in the Pwn2Own 2021 hacking contest. They were fixed by the Netatalk development team on the 22nd of March 2022 by releasing the 3.1.13 version.

Four vulnerabilities with CVSS 9.8 score

Netatalk has fixed the issues more than one month ago but Synology devices are still vulnerable

The critical security flaws, which can be tracked as CVE-2022-23121, CVE-2022-23125, CVE-2022-23122, and CVE-2022-0194, allow unauthenticated attackers to remotely execute arbitrary code. All of the vulnerabilities related to this issue are rated at 9.8 on the CVSS scale; meaning the vulnerabilities are critical and unpatched devices are in great danger. Those vulnerabilities are fixed on DiskStation Manager (DSM) 7.1; but the devices with DSM 7.0, DSM 6.2, VS Firmware 2.3, and SRM (Synology Router Manager) 1.2 remain unpatched.

Synology states that the development of the patch for the exposed devices is ongoing. The company generally fixes the security problems within 90 days after their advisory. If that’s to happen, the devices will remain exposed for while. The company did not provide any mitigation yet as well. Synology asks the customers to reach them via their support page if they want immediate assistance. You can follow the link below to ask for assistance with the unfixed critical vulnerabilities that allow remote code execution on your device:

Click here to reach Synology for assistance

Edit: Synology has reached us as they added a mitigation method. Here, you can read below:

« Netatalk provides file access through AFP (Apple Filing Protocol) on DSM. This service has been disabled by default since DSM 7.0. We recommend using SMB protocol instead when connecting from macOS.

For Synology systems not yet upgraded to DSM 7.1-42661-1 or newer, administrators can disable “AFP service” to mitigate this specific vulnerability. In environments where AFP is still needed, setting up firewall rules to only allow trusted clients to connect over AFP (port 548) can be used as temporary mitigation »

See more Cybersecurity News


Tags: Synology
Rusen Gobel

Rusen Gobel

Rusen Gobel is a news editor at Cloud7 News. With more than 10 years of experience, Rusen worked as a hardware and software news editor for technology sites such as Shiftdelete, Teknokolis, Hardware Plus, BT Haber. In addition, Rusen publishes consumer product reviews on his YouTube channel. While consumer electronics has been his main focus for years, now Rusen is more interested in WordPress and software development. He had contributed different web application projects in his professional career. Rusen had graduated from Istanbul University, department of Computer Engineering. Rusen has a very high passion for learning and writing for every kind of technology. That's why he has been working as a tech editor for more than ten years on several different technology magazines and online news portals.

Comments 2

  1. Kenneth Sim says:
    9 months ago

    Funny how this author failed to say that Synology is not the only NAS using this open source code, (Netatalk protoco). QNAP is also affect and any other NAS management software using this code.

    Reply
  2. Atalay Kelestemur says:
    9 months ago

    Hello Kenneth,
    Thank you for your response. The thing is at that time only Synology warned their users and informed them about the issue. So, thank you for informing the audience about QNAP and other NAS management software using this code are also affected.

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

Next Post
Orca details the Azure Automation AutoWarp bug

[Event] How to innovate in the cloud with Microsoft Azure

Related News

Fortinet is expanding its SOC offerings portfolio

Fortinet is expanding its SOC offerings portfolio

February 3, 2023 2:00 pm
Radware announces a new partner program

Radware announces a new partner program

February 3, 2023 1:30 pm
APTs are looking for developers to hire with hefty paychecks

APTs are looking for developers to hire with hefty paychecks

February 1, 2023 2:30 pm
US extradites ShinyHunters hacker

US extradites ShinyHunters hacker

February 1, 2023 1:30 pm
Get free daily newsletters from Cloud7 News Get the Cloud7 Newsletter
Select list(s):

Check your inbox or spam folder to confirm your subscription.

By subscribing, you agree to our
Copyright Policy and Privacy Policy

Get the free newsletter

Subscribe to receive the latest IT business updates straight to your inbox.

Select list(s):

Check your inbox or spam folder to confirm your subscription.

Editor's Choice

What’s new in Linux kernel 6.2 rc6?

10 Best Web Hosting Services of 2023

Ubuntu 22.04 LTS is available for download. What is new?

CERN and Fermilab recommend AlmaLinux

7 best hosting control panels of 2023

How to update Linux Kernel without rebooting?

7 best Linux mail servers of 2023

7 best cPanel alternatives for 2023

7 best Linux web browsers for 2023

7 best CentOS alternatives

7 best Linux server distros of 2023

Interview with Igor Seletskiy on AlmaLinux

How to create a VM on VMware Workstation

Recent News

  • What is GNOME
  • LibreOffice 7.5 Community is released. What’s new?
  • NTT to add Palo Alto Networks’ solution to its portfolio
  • Gcore announces partnership with Super Protocol
  • Fortinet is expanding its SOC offerings portfolio

Cloud7 News
Cloud7 is a news source that publishes the latest news, reviews, comparisons, opinions, and exclusive interviews to help tech users of high-experience levels in the IT industry.

EXPLORE

  • Web Hosting
  • Cloud Computing
  • Data Center
  • Cybersecurity
  • Linux
  • Network/Internet
  • Software
  • Hardware
  • How-Tos
  • Troubleshooting

RESOURCES

  • Events
  • Interviews
  • Jobs
  • Opinion
  • Whitepapers
  • Glossary
  • Community Forum
  • Web Hosting Directory

Get the Cloud7 Newsletter

Get FREE daily newsletters from Cloud7 delivering the latest news and reviews.

  • About
  • Privacy & Policy
  • Copyright Policy
  • Contact

© 2023, Cloud7 News. All rights reserved.

No Result
View All Result
  • Cloud Computing
  • Web Hosting
  • Data Center
  • Linux
  • Cybersecurity
  • More
    • Network/Internet
    • Windows
    • Software
    • Hardware
    • Blockchain
    • Policy/Legislation
    • How-Tos
    • Troubleshooting
  • Events
  • Interviews
  • Jobs
  • Opinion
  • Whitepapers
  • Glossary
  • Community Forum
  • Web Hosting Directory

© 2023, Cloud7 News. All rights reserved.

Welcome Back!

Sign In with Facebook
Sign In with Google
Sign In with Linked In
OR

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Sign Up with Facebook
Sign Up with Google
Sign Up with Linked In
OR

Fill the forms below to register

*By registering into our website, you agree to the Terms & Conditions and Privacy Policy.
All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.