meta data for this page
Differences
This shows you the differences between two versions of the page.
Next revision | Previous revision | ||
hw:zyxel_nas326:issues [2020/04/21 22:28] – created niziak | hw:zyxel_nas326:issues [2020/04/22 09:12] (current) – niziak | ||
---|---|---|---|
Line 3: | Line 3: | ||
===== Cannot login to web after upgrade ===== | ===== Cannot login to web after upgrade ===== | ||
- | NAS326 with FFP and other survives official upgrade, but it is not possible to login using web. Login using SSH works. | + | NAS326 with FFP and other mods survives official upgrade, but it is not possible to login using web. Login using SSH works. |
- | Reason: Zyxel removes | + | |
+ | Zyxel explains it: [[https:// | ||
+ | |||
+ | To avoid the remote code execution vulnerability, | ||
+ | If you cannot login the web interface after upgrade, please press the hardware reset button at the back of NAS for 2 seconds, and you will hear one beep sound, | ||
+ | then release the hardware reset button. This resets the NAS's IP address and password to the default setting (admin/ | ||
+ | |||
+ | [[https:// | ||
+ | |||
+ | Additional findings: | ||
+ | * It looks like, webui is using smbpasswd to authenticate to webinterface | ||
+ | * When the reset button is pressed shortly, script to restore default passwords is called:\\ <file bash | / | ||
+ | #!/bin/sh | ||
+ | |||
+ | CP=/ | ||
+ | RM=/ | ||
+ | ETCPATH=/ | ||
+ | SAMBAPATH=/ | ||
+ | |||
+ | ${RM} -rf / | ||
+ | ${CP} ${ETCPATH}/ | ||
+ | ${RM} -rf / | ||
+ | ${CP} ${ETCPATH}/ | ||
+ | ${RM} -rf / | ||
+ | ${CP} ${SAMBAPATH}/ | ||
+ | </ | ||