Arbitrary code execution on affected installations of Netatalk (CVE-2022-43634)

Jun 28, 2023

Arbitrary code execution on affected installations of Netatalk in the dsi_writeinit function

Summary

This issue is being Investigated by Buffalo Engineering. A temporary workaround to prevent this from being exploited is to Disable AFP pending a permanent solution.

Vulnerability ID	Vulnerability Overview
CVE-2020-14318	A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker.

Affected Supported TeraStations

TS7010
TS6000
TS5020 / TS5010
TS3020 / TS3010

Back to Security Notices

Date	Description
6/28/2023	Initial release

Network Attached Storage

Portable Solid State Drive (SSD)

External Hard Drives

While Supplies Last

Optical Drives

Multi-Gigabit Switches

Accessories

View All

Case Studies

Blog & Helpful Tips

White Papers

Data Security

Webinars

Latest Article

Buffalo Americas Announces FIPS 140 CAVP Validation for Cryptographic Security on TeraStation 5020 and 7010 Series Network Storage

Get Support

Forums

Knowledge Base

Data Recovery

Security Notices

Warranty Information

Arbitrary code execution on affected installations of Netatalk (CVE-2022-43634)

Arbitrary code execution on affected installations of Netatalk in the dsi_writeinit function