Qnap Security Advisory | Bulletin ID: QSA-22-12
Fixing multiple vulnerabilities in Netatalk
This is a Press Release edited by StorageNewsletter.com on May 2, 2022 at 2:01 pm

Qnap Systems, Inc. has published a security enhancement addressing vulnerabilities that could affect specific versions of the company’s products.
Use the following information and solutions to correct the security issues and vulnerabilities.
Multiple vulnerabilities in Netatalk
Release date: April 25, 2022
Security ID: QSA-22-12
CVE identifier: CVE-2021-31439 | CVE-2022-23121 | CVE-2022-23123 | CVE-2022-23122 | CVE-2022-23125 | CVE-2022-23124 | CVE-2022-0194
Affected products: Certain Qnap NAS
Status: Fixing
Summary
With the latest release, Netatalk 3.1.13, the Netatalk development team disclosed multiple fixed vulnerabilities affecting earlier versions of the software: CVE-2021-31439, CVE-2022-23121, CVE-2022-23123, CVE-2022-23122, CVE-2022-23125, CVE-2022-23124, and CVE-2022-0194.
These vulnerabilities currently affect the following Qnap OS versions:
- QTS 5.0.x and later
- QTS 4.5.4 and later
- QTS 4.3.6 and later
- QTS 4.3.4 and later
- QTS 4.3.3 and later
- QTS 4.2.6 and later
- QuTS hero h5.0.x and later
- QuTS hero h4.5.4 and later
- QuTScloud c5.0.x
The company has already fixed the vulnerabilities in the following versions of QTS:
- QTS 4.5.4.2012 build 20220419 and later
The firm is thoroughly investigating the case. The company will release security updates for all affected Qnap OS versions and provide further information as soon as possible.
Recommendation
To mitigate these vulnerabilities, disable AFP. We recommend that users check back and install security updates as soon as they become available.
Updating QTS, QuTS hero, or QuTScloud
- Log on to QTS, QuTS hero, or QuTScloud as administrator.
- Go to Control Panel > System > Firmware Update.
- Under Live Update, click Check for Update.
QTS, QuTS hero, or QuTScloud downloads and installs the latest available update.
Tip: You can also download the update from the Qnap website. Go to Support > Download Center and then perform a manual update for your specific device.
Revision history: V1.0 (April 25, 2022) – Published