Synology-SA-22:06 Netatalk

Publish Time: 2022-04-28 13:32:54 UTC+8

Last Updated: 2022-05-18 10:03:14 UTC+8

Severity
Critical
Status
Ongoing

Abstract

Multiple vulnerabilities allow remote attackers to obtain sensitive information and possibly execute arbitrary code via a susceptible version of Synology DiskStation Manager (DSM) and Synology Router Manager (SRM).

Affected Products

Product Severity Fixed Release Availability
DSM 7.1 Critical Upgrade to 7.1-42661-1 or above.
DSM 7.0 Critical Upgrade to 7.0.1-42218-4 or above.
DSM 6.2 Critical Ongoing
VS Firmware 2.3 Critical Ongoing
SRM 1.2 Critical Upgrade to 1.2.5-8227-5 or above.

Mitigation

Netatalk provides file access through AFP (Apple Filing Protocol) on DSM. This service has been disabled by default since DSM 7.0. We recommend using SMB protocol instead when connecting from macOS.

For Synology systems not yet upgraded to DSM 7.1-42661-1 or newer, administrators can disable "AFP service" to mitigate this specific vulnerability. In environments where AFP is still needed, setting up firewall rules to only allow trusted clients to connect over AFP (port 548) can be used as temporary mitigation.

Detail

Reserved

Reference

Revision

Revision Date Description
1 2022-04-28 Initial public release.
2 2022-05-01 Updated Mitigation for Support.
3 2022-05-14 Update for SRM 1.2 is now available in Affected Products.
4 2022-05-18 Update for DSM 7.0 is now available in Affected Products.