Synology has warned customers that some of its network-attached storage (NAS) devices are vulnerable to attacks that exploit several critical Netatalk flaws.
“Multiple vulnerabilities allow remote attackers to obtain sensitive information and possibly execute arbitrary code via a susceptible version of Synology DiskStation Manager (DSM) and Synology Router Manager (SRM),” said Synology.
Netatalk is an open-source implementation of AFP (Apple Filing Protocol) that lets *NIX/*BSD systems act as AppleShare file servers for macOS clients (for example, to access files stored on Synology NAS devices). The Netatalk development team fixed the security flaws in version 3.1.1, published on March 22, three months after they were first disclosed and exploited at the Pwn2Own 2021 hacking competition.
During the Pwn2Own contest, NCC Group’s EDG team used one of these weaknesses (tracked as CVE-2022-23121, with a severity score of 9.8/10) to gain unauthenticated remote code execution on a Western Digital PR4100 NAS running My Cloud OS firmware. In its latest advisory, Synology lists three more flaws (CVE-2022-23125, CVE-2022-23122, and CVE-2022-0194) with comparable severity ratings.
These flaws also allow unauthenticated attackers to remotely execute arbitrary code on unpatched devices. Although the Netatalk development team published security fixes for the weaknesses last month, Synology states that fixes for some of the vulnerable products are still “ongoing.”
Synology said last year that it usually releases fixes for affected software within 90 days of publishing an advisory, but it has not given an expected schedule for the remaining updates. According to the company, the Netatalk vulnerabilities have already been patched for appliances running DiskStation Manager (DSM) 7.1 or later.
| Product | Severity | Fixed Release Availability |
|---|---|---|
| DSM 7.1 | Critical | Upgrade to 7.1-42661-1 or above. |
| VS Firmware 2.3 | Critical | Ongoing |
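The table above gives the fixed build for DSM 7.1 and marks VS Firmware 2.3 as still unfixed. The following script, added here as an illustration and not published by Synology, checks an inventory of devices against that table. It assumes DSM version strings follow the layout major.minor-build-hotfix seen in "7.1-42661-1" (and that "7.1-42661 Update 1" denotes the same build), and treats an "Ongoing" entry as meaning every installed version is still exposed; the hostnames and versions in the sample inventory are constructed.

```python
import re

# Fixed-release table from the Synology advisory quoted above.
# None stands for "Ongoing": no fixed build has shipped, so nothing is patched.
FIXED_RELEASES = {
    "DSM 7.1": "7.1-42661-1",
    "VS Firmware 2.3": None,
}


def parse_dsm_version(version: str) -> tuple:
    """Turn a DSM-style version string into a comparable tuple of integers.

    Assumption: the fields are major.minor-build-hotfix, so '7.1-42661-1'
    becomes (7, 1, 42661, 1). Only the digits matter, which also maps
    '7.1-42661 Update 1' onto the same tuple. A shorter tuple such as
    (7, 1, 42661) compares lower than (7, 1, 42661, 1), which matches the
    advisory's "or above" wording (the base build without the hotfix is not fixed).
    """
    fields = tuple(int(n) for n in re.findall(r"\d+", version))
    if len(fields) < 2:
        raise ValueError(f"unrecognised version string: {version!r}")
    return fields


def is_patched(product: str, installed: str) -> bool:
    """True when the installed build is at or above the advisory's fixed release."""
    if product not in FIXED_RELEASES:
        raise KeyError(f"product not listed in the advisory table: {product!r}")
    fixed = FIXED_RELEASES[product]
    if fixed is None:  # "Ongoing": no fix available yet
        return False
    return parse_dsm_version(installed) >= parse_dsm_version(fixed)


def exposed_hosts(inventory):
    """inventory: iterable of (hostname, product, installed_version).
    Returns the hostnames whose build is below the fixed release (or has none)."""
    return [host for host, product, ver in inventory if not is_patched(product, ver)]


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = [
        ("nas-01", "DSM 7.1", "7.1-42661-1"),        # patched
        ("nas-02", "DSM 7.1", "7.1-42661"),          # base build, hotfix missing
        ("nas-03", "DSM 7.1", "7.1-42661 Update 1"), # same as 7.1-42661-1
        ("cam-01", "VS Firmware 2.3", "2.3.4-2999"), # fix still "Ongoing"
    ]
    print("Still exposed:", exposed_hosts(sample))
```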