Synology, QNAP, WD Warn Users About Vulnerabilities Exploited at Hacking Contest


The vulnerabilities were disclosed at the Zero Day Initiative’s Pwn2Own Austin contest in November 2021, where participants earned more than $1 million for hacking routers, printers, smart spears, smartphones and network-attached storage (NAS) devices. The NAS exploits at Pwn2Own targeted WD devices, and they earned participants roughly $500,000.

It turns out that at least half a dozen of the NAS vulnerabilities exploited at Pwn2Own affected Netatalk, the open source Apple Filing Protocol (AFP) file server.

The flaws, many of which can be exploited remotely and without authentication for arbitrary code execution, can allow an attacker to take complete control of the targeted device.