• Latest
  • Trending
QNAP warns users to disable AFP until it fixes critical bugs

QNAP warns users to disable AFP until it fixes critical bugs

April 28, 2022
Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025
ATC Ghana supports Girls-In-ICT Program

ATC Ghana supports Girls-In-ICT Program

April 25, 2023
Vice President Dr. Bawumia inaugurates  ICT Hub

Vice President Dr. Bawumia inaugurates ICT Hub

April 2, 2023
Co-Creation Hub’s edtech accelerator puts $15M towards African startups

Co-Creation Hub’s edtech accelerator puts $15M towards African startups

February 20, 2023
Data Leak Hits Thousands of NHS Workers

Data Leak Hits Thousands of NHS Workers

February 20, 2023
EU Cybersecurity Agency Warns Against Chinese APTs

EU Cybersecurity Agency Warns Against Chinese APTs

February 20, 2023
How Your Storage System Will Still Be Viable in 5 Years’ Time?

How Your Storage System Will Still Be Viable in 5 Years’ Time?

February 20, 2023
The Broken Promises From Cybersecurity Vendors

Cloud Infrastructure Used By WIP26 For Espionage Attacks on Telcos

February 20, 2023
Instagram and Facebook to get paid-for verification

Instagram and Facebook to get paid-for verification

February 20, 2023
YouTube CEO Susan Wojcicki steps down after nine years

YouTube CEO Susan Wojcicki steps down after nine years

February 20, 2023
Inaugural AfCFTA Conference on Women and Youth in Trade

Inaugural AfCFTA Conference on Women and Youth in Trade

September 6, 2022
  • Consumer Watch
  • Kids Page
  • Directory
  • Events
  • Reviews
Friday, 17 July, 2026
  • Login
itechnewsonline.com
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion
Subscription
Advertise
No Result
View All Result
itechnewsonline.com
No Result
View All Result

QNAP warns users to disable AFP until it fixes critical bugs

by ITECHNEWS
April 28, 2022
in Leading Stories, Tech
0 0
0
QNAP warns users to disable AFP until it fixes critical bugs

Taiwanese corporation QNAP has asked customers this week to disable the AFP file service protocol on their network-attached storage (NAS) appliances until it fixes multiple critical Netatalk vulnerabilities.

Netatalk is an open-source implementation of AFP (short for Apple Filing Protocol) that enables *NIX/*BSD systems to act as an AppleShare file server (AFP) for macOS clients.

YOU MAY ALSO LIKE

French Telco Orange Hit by Cyber-Attack

ATC Ghana supports Girls-In-ICT Program

On QNAP NAS devices, AFP allows macOS systems to access data on the NAS. According to QNAP, it’s still used because it “supports many unique macOS attributes that are not supported by other protocols.”

NCC Group’s EDG team members exploited one of these security flaws, tracked as CVE-2022-23121 and rated with a 9.8/10 severity score, to achieve remote code execution without authentication during the Pwn2Own 2021 hacking competition on a Western Digital PR4100 NAS running My Cloud OS firmware.

Three of the other bugs QNAP warned its customers about also received 9.8/10 severity ratings (i.e., CVE-2022-23125, CVE-2022-23122, CVE-2022-0194), all of them also allowing unauthenticated attackers to execute arbitrary code remotely without requiring authentication on unpatched devices.

On March 22, the Netatalk development team released version 3.1.13 to fix these security bugs, three months after the flaws were reported following the Pwn2Own contest.

QNAP says the Netatalk vulnerabilities (fixed in QTS 4.5.4.2012 build 20220419 and later) impact the following operating system versions:

  • QTS 5.0.x and later
  • QTS 4.5.4 and later
  • QTS 4.3.6 and later
  • QTS 4.3.4 and later
  • QTS 4.3.3 and later
  • QTS 4.2.6 and later
  • QuTS hero h5.0.x and later
  • QuTS hero h4.5.4 and later
  • QuTScloud c5.0.x

QNAP: Disable AFP until firmware gets patched

“QNAP is thoroughly investigating the case. We will release security updates for all affected QNAP operating system versions and provide further information as soon as possible,” the NAS maker said.

“To mitigate these vulnerabilities, disable AFP. We recommend users to check back and install security updates as soon as they become available.”

To disable AFP on your QTS or QuTS hero NAS device, you will have to go to Control Panel > Network & File Services > Win/Mac/NFS/WebDAV > Apple Networking and select Disable AFP (Apple Filing Protocol).

QNAP is also working on addressing a Linux vulnerability dubbed ‘Dirty Pipe’ actively exploited in attacks that allows gaining root privileges and a high severity OpenSSL bug that can lead to denial of service (DoS) states and remote crashes.

While the Dirty Pipe flaw remains to be fixed for NAS devices running QuTScloud c5.0.x, QNAP has only released QTS security updates for the OpenSSL DoS flaw it warned customers about one month ago.

One week ago, customers were also told to mitigate a pair of critical Apache HTTP Server bugs added to the queue of vulnerabilities that need to be addressed for devices running QTS, QuTS hero, and QuTScloud.

Source: Sergiu Gatlan
Via: bleepingcomputer
Tags: QNAP warns users to disable AFP until it fixes critical bugs
ShareTweet

Get real time update about this post categories directly on your device, subscribe now.

Unsubscribe

Search

No Result
View All Result

Recent News

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025
ATC Ghana supports Girls-In-ICT Program

ATC Ghana supports Girls-In-ICT Program

April 25, 2023

About What We Do

itechnewsonline.com

We bring you the best Premium Tech News.

Recent News With Image

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025

Recent News

  • Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa July 29, 2025
  • French Telco Orange Hit by Cyber-Attack July 29, 2025
  • ATC Ghana supports Girls-In-ICT Program April 25, 2023
  • Vice President Dr. Bawumia inaugurates ICT Hub April 2, 2023
  • Home
  • InfoSec
  • Opinion
  • Africa Tech
  • Data Storage

© Copyright 2026, All Rights Reserved | iTechNewsOnline.Com - Powered by BackUPDataSystems

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

No Result
View All Result
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion

© Copyright 2026, All Rights Reserved | iTechNewsOnline.Com - Powered by BackUPDataSystems

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?
Go to mobile version