meta data for this page
  •  

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision
Previous revision
hw:zyxel_nas326:issues [2020/04/21 22:28] – created niziakhw:zyxel_nas326:issues [2020/04/22 09:12] (current) niziak
Line 3: Line 3:
 ===== Cannot login to web after upgrade ===== ===== Cannot login to web after upgrade =====
  
-NAS326 with FFP and other survives official upgrade, but it is not possible to login using web. Login using SSH works. +NAS326 with FFP and other mods survives official upgrade, but it is not possible to login using web. Login using SSH works. 
-Reason: Zyxel removes + 
 +Zyxel explains it[[https://homeforum.zyxel.com/discussion/3370/faq-upgrading-latest-nas-remote-code-execution-vulnerability-firmware#latest|Not able to login after Firmware Upgrade]] 
 + 
 +  To avoid the remote code execution vulnerability, the password doesn't accept special characters !  #  $  %  &  (  -  | after updated to the latest firmware. 
 +  If you cannot login the web interface after upgrade, please press the hardware reset button at the back of NAS for 2 seconds, and you will hear one beep sound, 
 +  then release the hardware reset button. This resets the NAS's IP address and password to the default setting (admin/1234). 
 + 
 +[[https://homeforum.zyxel.com/discussion/3317/zyxel-security-advisory-for-the-remote-code-execution-vulnerability-of-nas-products|Zyxel security advisory for the remote code execution vulnerability of NAS products]] 
 + 
 +Additional findings: 
 +    * It looks like, webui is using smbpasswd to authenticate to webinterface 
 +    * When the reset button is pressed shortly, script to restore default passwords is called:\\ <file bash | /sbin/account.sh> 
 +#!/bin/sh 
 + 
 +CP=/bin/cp 
 +RM=/bin/rm 
 +ETCPATH=/etc 
 +SAMBAPATH=/etc/samba 
 + 
 +${RM} -rf /etc/passwd 
 +${CP} ${ETCPATH}/passwd.default /etc/passwd 
 +${RM} -rf  /etc/shadow 
 +${CP} ${ETCPATH}/shadow.default /etc/shadow 
 +${RM} -rf /etc/samba/smbpasswd 
 +${CP} ${SAMBAPATH}/smbpasswd.default /etc/samba/smbpasswd 
 +</file>