Publish Time: 2022-04-28 13:32:54 UTC+8
Last Updated: 2022-05-18 10:03:14 UTC+8
Multiple vulnerabilities allow remote attackers to obtain sensitive information and possibly execute arbitrary code via a susceptible version of Synology DiskStation Manager (DSM) and Synology Router Manager (SRM).
|Product||Severity||Fixed Release Availability|
|DSM 7.1||Critical||Upgrade to 7.1-42661-1 or above.|
|DSM 7.0||Critical||Upgrade to 7.0.1-42218-4 or above.|
|VS Firmware 2.3||Critical||Ongoing|
|SRM 1.2||Critical||Upgrade to 1.2.5-8227-5 or above.|
Netatalk provides file access through AFP (Apple Filing Protocol) on DSM. This service has been disabled by default since DSM 7.0. We recommend using SMB protocol instead when connecting from macOS.
For Synology systems not yet upgraded to DSM 7.1-42661-1 or newer, administrators can disable "AFP service" to mitigate this specific vulnerability. In environments where AFP is still needed, setting up firewall rules to only allow trusted clients to connect over AFP (port 548) can be used as temporary mitigation.
- Netatalk 3.1.13
|1||2022-04-28||Initial public release.|
|2||2022-05-01||Updated Mitigation for Support.|
|3||2022-05-14||Update for SRM 1.2 is now available in Affected Products.|
|4||2022-05-18||Update for DSM 7.0 is now available in Affected Products.|