Issues with firmware V5.21(AAZF.7) on NAS326
chris1284
Posts: 1
Hi,
After installing firmware V5.21(AAZF.7) on my NAS326 there are some issues:
1. password broken after reboot -> passwort reset works but the NAS dosn't accept passwords with "#" in there
2. RSYNC that uses normally the admin password is not working with the new password (and not with the old one)
is there a solution to set the rsync pw on the nas so that i can logon to the rsync service again?
#NAS_Mar_2020
After installing firmware V5.21(AAZF.7) on my NAS326 there are some issues:
1. password broken after reboot -> passwort reset works but the NAS dosn't accept passwords with "#" in there
2. RSYNC that uses normally the admin password is not working with the new password (and not with the old one)
is there a solution to set the rsync pw on the nas so that i can logon to the rsync service again?
#NAS_Mar_2020
1
Comments
-
Same issue here on NAS540, cannot access the web interface after firmware upgrade, password contains "#". Any solutions?0
-
Hmm, I guess I'll wait a while.
0 -
@mirtomi : read this thread.@Bob2701: Also read that thread. The previous firmware has a vulnerability which is actively exploited.0
-
As far as I know, to avoid the remote code execution vulnerability, the password doesn't accept special characters ! # $ % & ( - |.
0 -
Hi. I have same issue after update. I can't login via web interface ("The username or password is incorrect."), ssh is working normally with old password. Also file sharing working normally and I can login via Mac finder. My password also includes special character(s). If Mel is right, I could try to change password, but how to do it via ssh?0
-
how to do it via ssh?
You can try to use smbpasswd. If you have changed your password using smbpasswd, you also have to change it once again in the webinterface, to trigger storage in flash.
0 -
Thanks, but I will backup and try password resetting with a button as advised.0
-
The "solution" provided by ZyXEL is hopefully just a workaround. After the patch I installed the provided firmware upgrade on NAS540 and NAS326 and I was able to edit the password for the admin user within the configuration menu. There was no claim regarding a '!' in the password. Enter new password, save the configuration and login again. Voila, the password will be prompted as incorrect in cause of the missing symbol. In fact, the new firmware accepts symbols by changing the user password via menu, but the login screen is protected against the vulnerability. Sorry ZyXEL, but these were the last products I bought from you.
0 -
To fix the remote code execution vulnerability, the latest firmware doesn't allow special characters ! # $ % & ( - | as password.
There is a known issue that user can modify password included special characters ! # $ % & ( - | when go to Control Panel > Users > Edit User, but user will not able to login after changed password included special characters ! # $ % & ( - |. We will fix it in next official firmware to comprehensive forbid special characters ! # $ % & ( - |.
If user cannot login the web interface with password included special characters ! # $ % & ( - | after firmware update is finished, please press the hardware reset button at the back of NAS for 2 seconds, and will hear one beep sound, then release the hardware reset button. This resets the NAS's IP address and password to the default setting (admin/1234).
Please note,
1. This reset will not erase all configuration of NAS device, it will only reset the password for admin and the network IP.
2. This reset will not cause any data loss or damage in your NAS device or disk.
3. If the IP of NAS device was set for manually, the IP would switch to automatically after the reset. Please access Web GUI >> Control Panel >> Network >> TCP/IP >> Network Interface to re-configure the network Settings.0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 144 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 237 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 384 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight