meta data for this page
Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
| hw:zyxel_nas326:issues [2020/04/21 22:28] – created niziak | hw:zyxel_nas326:issues [2020/04/22 09:12] (current) – niziak | ||
|---|---|---|---|
| Line 3: | Line 3: | ||
| ===== Cannot login to web after upgrade ===== | ===== Cannot login to web after upgrade ===== | ||
| - | NAS326 with FFP and other survives official upgrade, but it is not possible to login using web. Login using SSH works. | + | NAS326 with FFP and other mods survives official upgrade, but it is not possible to login using web. Login using SSH works. |
| - | Reason: Zyxel removes | + | |
| + | Zyxel explains it: [[https:// | ||
| + | |||
| + | To avoid the remote code execution vulnerability, | ||
| + | If you cannot login the web interface after upgrade, please press the hardware reset button at the back of NAS for 2 seconds, and you will hear one beep sound, | ||
| + | then release the hardware reset button. This resets the NAS's IP address and password to the default setting (admin/ | ||
| + | |||
| + | [[https:// | ||
| + | |||
| + | Additional findings: | ||
| + | * It looks like, webui is using smbpasswd to authenticate to webinterface | ||
| + | * When the reset button is pressed shortly, script to restore default passwords is called:\\ <file bash | / | ||
| + | #!/bin/sh | ||
| + | |||
| + | CP=/ | ||
| + | RM=/ | ||
| + | ETCPATH=/ | ||
| + | SAMBAPATH=/ | ||
| + | |||
| + | ${RM} -rf / | ||
| + | ${CP} ${ETCPATH}/ | ||
| + | ${RM} -rf / | ||
| + | ${CP} ${ETCPATH}/ | ||
| + | ${RM} -rf / | ||
| + | ${CP} ${SAMBAPATH}/ | ||
| + | </ | ||