Zero-day vulnerabilities in Netatalk affect NAS products from Synology, QNAP and Western Digital. Protect your storage solutions before they’re encrypted with ransomware

Several manufacturers of network-attached storage (NAS) solutions have alerted their customers to the detection of critical vulnerabilities in Netatalk. Exploitation of these flaws was demonstrated at one of the most recent editions of the Pwn2Own ethical hacking contest, and they affect devices from manufacturers such as Synology, QNAP and Western Digital.

The security alert states that at least six of the bugs reported at Pwn2Own reside in Netatalk, the open-source Apple Filing Protocol (AFP) file server. Many of the flaws could be exploited remotely by unauthenticated threat actors, leading to complete compromise of the affected devices.

In late March, security teams at Netatalk released patches to address seven vulnerabilities, tracked as CVE-2021-31439, CVE-2022-23121, CVE-2022-23122, CVE-2022-23123, CVE-2022-23124, CVE-2022-23125, and CVE-2022-0194.

Before that, the last Netatalk release dated from December 2018, so some manufacturers that rely on this software had assumed the project was no longer maintained. Such is the case with Western Digital, whose products use Netatalk to provide access to network shares; the company released firmware updates that remove Netatalk altogether.

Netatalk began work on the fixes after the attack was demonstrated at Pwn2Own, and QNAP subsequently determined that some of its own NAS products could also be affected. This week, QNAP announced that updates for its QTS operating system would be available in the coming days; in the meantime, the company recommends that customers disable AFP to mitigate the risk of exploitation.

Synology, for its part, concluded that these flaws could affect its DiskStation Manager and Synology Router Manager products. While an update is already available for DiskStation Manager, Router Manager has not yet received security patches.

Although no active exploitation attempts have been detected so far, it is worth remembering that NAS deployments are frequent targets of cybercriminal groups, especially ransomware and data-theft operations, so it is critical that organizations patch these flaws before it is too late.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.