NAS540 - Samba protocol update?

JockeSve
JockeSve Posts: 82  Ally Member
5 Answers First Comment Friend Collector Sixth Anniversary
Is there any plan to update SMB version for NAS540 / NAS540 v2?

Accepted Solution

  • Fredzoul1
    Fredzoul1 Posts: 97  Ally Member
    Answer ✓
    As I know, Zyxel have patched the sambacry in product with adding a simple code line.

All Replies

  • Fredzoul1
    Fredzoul1 Posts: 97  Ally Member
    edited November 2017
    I don't know, but many time asked in many forum without clear response or clear planning
  • JockeSve
    JockeSve Posts: 82  Ally Member
    5 Answers First Comment Friend Collector Sixth Anniversary
    Sounds somewhat strange IMHO...
    That should quite high priority to solve with new firmware!
  • Fredzoul1
    Fredzoul1 Posts: 97  Ally Member
    Normally !
  • JockeSve
    JockeSve Posts: 82  Ally Member
    5 Answers First Comment Friend Collector Sixth Anniversary
    Would be interesting to hear how Zyxel thinks about this...

    The vulnerability has been out there for quite some time now.
    Several other vendors has the option to choose SMB version out of the box...
  • Mijzelf
    Mijzelf Posts: 2,788  Guru Member
    250 Answers 2500 Comments Friend Collector Seventh Anniversary
    Which vulnerability are you talking about? Sambacry? Firmware 5.21 is supposed to be patched.
    http://www.zyxelforum.de/sambacry-sicherheitslücke-cve-2017-7494-informationen-t11639.html
  • JockeSve
    JockeSve Posts: 82  Ally Member
    5 Answers First Comment Friend Collector Sixth Anniversary
    Ohhh, couldn't find anything in release notes...
    So, Samba is based on SMB v2 or v3?
  • Mijzelf
    Mijzelf Posts: 2,788  Guru Member
    250 Answers 2500 Comments Friend Collector Seventh Anniversary
    The box runs version 4.1.7.

    admin@NAS520:/$ /usr/sbin/smbd --version
    Version 4.1.7

    According to this page that means it supports SMB3
  • JockeSve
    JockeSve Posts: 82  Ally Member
    5 Answers First Comment Friend Collector Sixth Anniversary
    If that's true then there is still risk of getting affected by both EternalRed or SambaCry...

  • Fredzoul1
    Fredzoul1 Posts: 97  Ally Member
    Answer ✓
    As I know, Zyxel have patched the sambacry in product with adding a simple code line.

Consumer Product Help Center