Synology warns of critical Netatalk bugs in multiple products

LASER_oneXM

Feb 4, 2016
Synology has warned customers that some of its network-attached storage (NAS) appliances are exposed to attacks exploiting multiple critical Netatalk vulnerabilities.

"Multiple vulnerabilities allow remote attackers to obtain sensitive information and possibly execute arbitrary code via a susceptible version of Synology DiskStation Manager (DSM) and Synology Router Manager (SRM)," Synology said.

Patches coming within 90 days

The NCC Group's EDG team exploited the security flaw (tracked as CVE-2022-23121 and rated with a 9.8/10 severity score) to achieve remote code execution without authentication on a Western Digital PR4100 NAS running My Cloud OS firmware during the Pwn2Own contest.

Synology highlighted three other bugs in today's warning (i.e., CVE-2022-23125, CVE-2022-23122, CVE-2022-0194) that have also received identical severity ratings.
They're also enabling unauthenticated attackers to execute arbitrary code remotely on unpatched devices.

Even though the Netatalk development team has released security patches to address the flaws last month, Synology says that releases for some of the impacted products are still "ongoing."