NAS540 - Samba protocol update?

JockeSve

Is there any plan to update SMB version for NAS540 / NAS540 v2?

Fredzoul1

As I know, Zyxel have patched the sambacry in product with adding a simple code line.

Fredzoul1

I don't know, but many time asked in many forum without clear response or clear planning

JockeSve

Sounds somewhat strange IMHO...
That should quite high priority to solve with new firmware!

Fredzoul1

Normally !

JockeSve

Would be interesting to hear how Zyxel thinks about this...

The vulnerability has been out there for quite some time now.
Several other vendors has the option to choose SMB version out of the box...

Mijzelf

Which vulnerability are you talking about? Sambacry? Firmware 5.21 is supposed to be patched.
http://www.zyxelforum.de/sambacry-sicherheitslücke-cve-2017-7494-informationen-t11639.html

JockeSve

Ohhh, couldn't find anything in release notes...
So, Samba is based on SMB v2 or v3?

Mijzelf

The box runs version 4.1.7.

admin@NAS520:/$ /usr/sbin/smbd --version

Version 4.1.7

According to this page that means it supports SMB3

JockeSve

If that's true then there is still risk of getting affected by both EternalRed or SambaCry...

Fredzoul1

As I know, Zyxel have patched the sambacry in product with adding a simple code line.