Synology currently uses an older version of Netatalk used to run Apple network protocols. As a result, some critical vulnerabilities have been found, which Qnap warned earlier this week. Attackers can remotely obtain sensitive data and potentially execute code.
Disk Station Manager 6.2, 7.0, and 7.1, as well as VS Firmware 2.3 and Synology Router Manager 1.2 are affected. Version 7.1-42661-1 for DSM 7.1 now ships with bug fixed. Other updates are still being worked on. Updates can be downloaded from Synology’s download page with the correct device and the version number must be selected. In the nas or router’s user interface, you must manually search for an update and install the downloaded file.
QuTScloud c5 with Qnap, QTS 4.2.6, 4.3.3, 4.3.4, 4.3.6, 4.5.4, 5.0.x and newer as well as QuTS hero h4.5.4 and h5.0.x and newer affects .0. .X. There is only one update here for now, QTS 4.5.4.2012 Build 20220419. Other fixes are still being worked on. Updates can be installed by searching Firmware Update Settings for an available update. It is recommended that you temporarily disable the Apple Filing Protocol if it is not yet available.
Sources: heise(1), (2)
Source: Hardware Info
