Synology and QNAP: Netatalk for Apple Protocols with Security Vulnerabilities

Synology and QNAP NAS systems are affected by their security vulnerabilities nettalk To support Apple network protocols. QNAP and Synology provided the first updates to fill in the gaps as quickly as possible.

The vulnerabilities, sometimes categorized as critical, are caused by the use of an older version of Netatalk by both manufacturers, as gaps that were already closed in the current version still exist.

All versions are affected, and many updates are still missing

According to QNAP OS versions are QTS 5.0.x and later, 4.5.4 and later, 4.3.6 and later, 4.3.4 and later, 4.3.3 and later 4.2.6 and later, and QuTS hero h5.0.x and later, QuTS hero h4.5.4 is affected and later versions and QuTScloud c5.0.x have vulnerabilities. The first updates are available as QTS 4.5.4.2012 Build 20220419, further updates should appear as soon as possible for all affected versions. In addition to updating via the web interface of the NAS, users can also Check the QNAP Support section for the latest version of QTS.

Synology im Security Consulting List Synology-SA-22: 06 Netatalk Disk Station Manager 6.2 (DSM), DSM 7.0 and DSM 7.1 as well as VS Firmware 2.3 and Synology Router Manager 1.2 (SRM). The update that updates Netatalk is only available for DSM 7.1 in the form of 7.1-42661-1 or later. Synology also has updates on The site is available for download.

Malicious code can be executed

The vulnerabilities mean, among other things, that attackers can sometimes execute malicious code with root rights on a NAS (CVE-2022-23121And CVE-2022-23122And CVE-2022-23125 And CVE-2022-0194).

Temporarily disable AFP functions

As long as there is no update available for your particular device that fills Netatalk vulnerabilities, the AFP functions must be deactivated via the NAS web interface.