ReadyNAS 524X vulnerability?

Question

I get Nessus reports of one detected vulnerability in a ReadyNAS 524X with firmware 6.10.7.

Vulnerability Desc:

The version of Samba running on the remote host is 4.13.x prior to 4.13.17, 4.14.x prior to 4.14.12, or 4.15.x prior to 4.15.5. It is, therefore, affected by multiple vulnerabilities: - Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution. (CVE-2021-44142) - Information leak via symlinks of existence of files or directories outside of the exported share. (CVE-2021-44141) - Samba AD users with permission to write to an account can impersonate arbitrary services. (CVE-2022-0336) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Vendor Fix:

Upgrade to Samba version 4.13.17, 4.14.12, or 4.15.5 or later.

Anyone know if/when this will be fixed?

JeraldM · Accepted Answer

Hi DNMMM,
&nbsp;
Thanks for the ping StephenB!
&nbsp;
Upon inquiry, please see the following for each vulnerability:
CVE-2021-44142: Fruit is not enabled by default.&nbsp;CVE-2021-44141: We don't use symlinks.CVE-2022-0336 is for Samba AD: we don't use Samba AD.
&nbsp;
&nbsp;
Regards,
&nbsp;
JeraldM
NETGEAR Community Team

Forum Discussion

ReadyNAS 524X vulnerability?

2 Replies

Related Content

ReadyNAS 524X Maximum HDD Capacity

Readynas 524x EDA500 compatibility

how configure Readynas 524X for best video surveillance performance

KRACK Vulnerabilities

WPA2 - KRACK / Vulnerability

NETGEAR Academy

ProSupport for Business