To: All Users
According to the Cybersecurity Incident Alert and Response Centre (CARIC), Synology and QNAP have recently released several security advisories for Synology DiskStation Manager (DSM), Synology Router Manager (SRM), and QNAP NAS. If you are using any of the affected products, please update them as soon as possible to prevent attackers from exploiting these vulnerabilities.
Related vulnerabilities
- Synology-SA-22:06 Netatalk Vulnerabilities (CVE-2022-0194, CVE-2022-23121, CVE-2022-23122, CVE-2022-23123, CVE-2022-23123 and CVE-2022-23125)
Multiple vulnerabilities allow remote attackers to obtain sensitive information and possibly execute arbitrary code.
Affected Products:
Synology DiskStation Manager 7.1
Synology DiskStation Manager 7.0
Synology DiskStation Manager 6.2
Synology Router Manager 1.2
VS Firmware 2.3
- QNAP NAS: Netatalk Vulnerabilities (CVE-2021-31439, CVE-2022-23121, CVE-2022-23123, CVE-2022-23122, CVE-2022-23125, CVE-2022-23124 and CVE-2022-0194)
Multiple vulnerabilities allow remote attackers to obtain sensitive information and possibly execute arbitrary code.
Affected Products:
QTS 5.0.x and later versions
QTS 4.5.4 and later versions
QTS 4.3.6 and later versions
QTS 4.3.4 and later versions
QTS 4.3.3 and later versions
QTS 4.2.6 and later versions
QuTS hero h5.0.x and later versions
QuTS hero h4.5.4 and later versions
QuTScloud c5.0.x
Mitigation
- Back up important data and update the affected Synology and QNAP NAS products as soon as possible;
- Strengthen network protection, detection and monitoring of NAS devices, and consider performing regular data backups to reduce risk and loss.
Reference
Should you have any enquiries, please feel free to contact ICTO Help Desk.
ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5)
Telephone : 8822 8600
Email : icto.helpdesk@um.edu.mo
Information and Communication Technology Office