1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Synology warns NAS users over multiple critical vulnerabilities

    From TechnologyDaily@1337:1/100 to All on Fri Apr 29 16:15:04 2022
    Synology warns NAS users over multiple critical vulnerabilities

    Date:
    Fri, 29 Apr 2022 10:33:57 +0000

    Description:
    The flaws allow for remote code execution and data exfiltration.

    FULL STORY ======================================================================

    Network-attached storage ( NAS ) specialist Synology has warned its customers that some of its products are vulnerable to a number of critical vulnerabilities.

    "Multiple vulnerabilities allow remote attackers to obtain sensitive information and possibly execute arbitrary code via a susceptible version of Synology DiskStation Manager (DSM) and Synology Router Manager (SRM)," said the firm in an advisory.

    The issues were discovered in Netatalk, an open source implementation of the Apple Filing Protocol, transforming Unix-like operating systems into file servers .

    Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022 . Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/10.99. No patch yet

    The Netatalk team fixed the issues roughly a month ago, with version 3.1.1., BleepingComputer reported. However, Synology says that releases for some of its affected endpoints are yet to roll out.

    In total, four flaws seem to be plaguing Synologys NAS appliances , all of which received a severity score of 9.8/10.

    Synology didnt provide any deadlines by which it expects the patches to be issued, but BleepingCompute r says that the company usually delivers on such things within three months of the vulnerability being disclosed.

    Furthermore, NAS appliances running DiskStation Manager (DSM) 7.1.or later have already been patched, it was said. Read more

    Latest reviews of Network attached storage (NAS)


    Asustor NAS devices hit by Deadbolt ransomware attack


    QNAP NAS owners are under attack once again

    Less than a week ago, QNAP, another NAS vendor, discovered vulnerabilities in its products.

    Discovered in Apache HTTP Server 2.4.52 and earlier, the bugs could be used
    to perform low complexity attacks that dont require victim interaction.

    QNAP warned NAS owners to apply known mitigations, advising them to keep the default value "1M" for LimitXMLRequestBody, and disable mod_sed, as these two things effectively plug the holes.

    QNAP also said the mod_sed in-process content filter is disabled by default
    in Apache HTTP Server on NAS devices running the QTS operating system.

    "CVE-2022-22721 affects 32-bit QNAP NAS models, and CVE-2022-23943 affects users who have enabled mod_sed in Apache HTTP Server on their QNAP device,
    the company said at the time. Shield against attack with the best endpoint protection services

    Via BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/synology-warns-nas-users-over-multiple-critical -vulnerabilities/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)