QNAP Advises

Network-attached storage space (NAS) home appliance manufacturer QNAP on Wednesday said it’s servicing upgrading its QTS and also QuTS running systems after Netatalk last month launched spots to have 7 safety and security problems in its software program.

Netatalk is an open-source application of the Apple Declaring Procedure (AFP), permitting Unix-like os to function as data web servers for Apple macOS computer systems.


On March 22, 2022, its maintainers launched version 3.1.13 of the software program to fix significant safety and security problems – CVE-2021-31439, CVE-2022-23121, CVE-2022-23122, CVE-2022-23123, CVE-2022-23124, CVE-2022-23125, and also CVE-2022-0194— that might be made use of to accomplish approximate code implementation.

Network-attached storage

” This susceptability [CVE-2022-23121] can be made use of from another location and also does not require verification,” NCC Team scientists noted last month. “It permits an assaulter to obtain remote code implementation as the ‘no one’ customer on the NAS. This customer can access personal shares that would generally need verification.”

QNAP kept in mind that the Netatalk susceptabilities influence the complying with os variations –

  • QTS 5.0.x and also later on
  • QTS 4.5.4 and also later on
  • QTS 4.3.6 and also later on
  • QTS 4.3.4 and also later on
  • QTS 4.3.3 and also later on
  • QTS 4.2.6 and also later on
  • QuTS hero h5.0.x and also later on
  • QuTS hero h4.5.4 and also later on, and also
  • QuTScloud c5.0. x

Up until the updates are offered, the Taiwanese firm is advising individuals to disable AFP. The problems have actually been covered until now in QTS develop 20220419 and also later on.

The disclosure shows up much less than a week after QNAP stated it’s examining its item schedule for prospective influence emerging from 2 safety and security susceptabilities that were resolved in the Apache HTTP web server last month.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.