Network-attached storage space (NAS) home appliance manufacturer QNAP on Wednesday said it’s servicing upgrading its QTS and also QuTS running systems after Netatalk last month launched spots to have 7 safety and security problems in its software program.
On March 22, 2022, its maintainers launched version 3.1.13 of the software program to fix significant safety and security problems – CVE-2021-31439, CVE-2022-23121, CVE-2022-23122, CVE-2022-23123, CVE-2022-23124, CVE-2022-23125, and also CVE-2022-0194— that might be made use of to accomplish approximate code implementation.
” This susceptability [CVE-2022-23121] can be made use of from another location and also does not require verification,” NCC Team scientists noted last month. “It permits an assaulter to obtain remote code implementation as the ‘no one’ customer on the NAS. This customer can access personal shares that would generally need verification.”
QNAP kept in mind that the Netatalk susceptabilities influence the complying with os variations –
- QTS 5.0.x and also later on
- QTS 4.5.4 and also later on
- QTS 4.3.6 and also later on
- QTS 4.3.4 and also later on
- QTS 4.3.3 and also later on
- QTS 4.2.6 and also later on
- QuTS hero h5.0.x and also later on
- QuTS hero h4.5.4 and also later on, and also
- QuTScloud c5.0. x
Up until the updates are offered, the Taiwanese firm is advising individuals to disable AFP. The problems have actually been covered until now in QTS 22.214.171.1242 develop 20220419 and also later on.
The disclosure shows up much less than a week after QNAP stated it’s examining its item schedule for prospective influence emerging from 2 safety and security susceptabilities that were resolved in the Apache HTTP web server last month.