Security News > 2022 > April > Synology warns of critical Netatalk bugs in multiple products
Synology has warned customers that some of its network-attached storage appliances are exposed to attacks exploiting multiple critical Netatalk vulnerabilities.
"Multiple vulnerabilities allow remote attackers to obtain sensitive information and possibly execute arbitrary code via a susceptible version of Synology DiskStation Manager and Synology Router Manager," Synology said.
The Netatalk development team addressed the security bugs in version 3.1.1, released on March 22, three months after the Pwn2Own 2021 hacking competition, where they were first disclosed and exploited.
Synology highlighted three other bugs in today's warning that have also received identical severity ratings.
Even though the Netatalk development team has released security patches to address the flaws last month, Synology says that releases for some of the impacted products are still "Ongoing."
QNAP said the Netatalk vulnerabilities impact multiple QTS and QuTS hero operating system versions and QuTScloud, the company's cloud-optimized NAS operating system.