Synology warns of critical Netatalk bugs in multiple products

LASER_oneXM

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
Content source
https://www.bleepingcomputer.com/news/security/synology-warns-of-critical-netatalk-bugs-in-multiple-products/
Synology has warned customers that some of its network-attached storage (NAS) appliances are exposed to attacks exploiting multiple critical Netatalk vulnerabilities.


"Multiple vulnerabilities allow remote attackers to obtain sensitive information and possibly execute arbitrary code via a susceptible version of Synology DiskStation Manager (DSM) and Synology Router Manager (SRM)," Synology said.
Click to expand...

Patches coming within 90 days​

The NCC Group's EDG team exploited the security flaw (tracked as CVE-2022-23121 and rated with a 9.8/10 severity score) to achieve remote code execution without authentication on a Western Digital PR4100 NAS running My Cloud OS firmware during the Pwn2Own contest.

Synology highlighted three other bugs in today's warning (i.e., CVE-2022-23125, CVE-2022-23122, CVE-2022-0194) that have also received identical severity ratings.
They're also enabling unauthenticated attackers to execute arbitrary code remotely on unpatched devices.

Even though the Netatalk development team has released security patches to address the flaws last month, Synology says that releases for some of the impacted products are still "ongoing."
Click to expand...
 
  • Like
Reactions: Nevi and Gandalf_The_Grey
You must log in or register to reply here.

Similar threads

MuzzMelbourne
    • Like
    • +Reputation
    • Applause
ASUS urges customers to patch critical router vulnerabilities
Replies
2
Views
1,295
News Archive
blackice
blackice
Gandalf_The_Grey
    • Like
    • +Reputation
Security News December Android updates fix critical zero-click RCE flaw
Replies
0
Views
1,634
Security News
Gandalf_The_Grey
Gandalf_The_Grey
CyberTech
    • +Reputation
Security News Veeam warns of critical bugs in Veeam ONE monitoring platform
Replies
0
Views
1,292
Security News
CyberTech
CyberTech

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top