Issues with firmware V5.21(AAZF.7) on NAS326

chris1284
chris1284 Posts: 1
edited March 2020 in Personal Cloud Storage
Hi, 
After installing firmware V5.21(AAZF.7) on my NAS326 there are some issues:

1. password broken after reboot -> passwort reset works but the NAS dosn't accept passwords with "#" in there
2. RSYNC that uses normally the admin password is not working with the new password (and not with the old one)

is there a solution to set the rsync pw on the nas so that i can logon to the rsync service again?



#NAS_Mar_2020
«13

Comments

  • mirtomi
    mirtomi Posts: 1
    Same issue here on NAS540, cannot access the web interface after firmware upgrade, password contains "#". Any solutions?
  • Bob2701
    Bob2701 Posts: 3  Freshman Member
    Hmm, I guess I'll wait a while.
  • Mijzelf
    Mijzelf Posts: 2,762  Guru Member
    250 Answers 2500 Comments Friend Collector Seventh Anniversary

    @Bob2701: Also read that thread. The previous firmware has a vulnerability which is actively exploited.
  • Mel
    Mel Posts: 83  Ally Member
    As far as I know, to avoid the remote code execution vulnerability, the password doesn't accept special characters !  #  $  %  &  (  -  |.
  • Mijzelf
    Mijzelf Posts: 2,762  Guru Member
    250 Answers 2500 Comments Friend Collector Seventh Anniversary
    @Mel: Do you have a source for that? I don't see how ! - ( can trigger the bug, and am missing the ;
  • Tukemoni
    Tukemoni Posts: 5  Freshman Member
    Hi. I have same issue after update. I can't login via web interface ("The username or password is incorrect."), ssh is working normally with old password. Also file sharing working normally and I can login via Mac finder. My password also includes special character(s). If Mel is right, I could try to change password, but how to do it via ssh?
  • Mijzelf
    Mijzelf Posts: 2,762  Guru Member
    250 Answers 2500 Comments Friend Collector Seventh Anniversary
    how to do it via ssh?

    You can try to use smbpasswd. If you have changed your password using smbpasswd, you also have to change it once again in the webinterface, to trigger storage in flash.

  • Tukemoni
    Tukemoni Posts: 5  Freshman Member
    Thanks, but I will backup and try password resetting with a button as advised.
  • masterflai
    masterflai Posts: 19  Freshman Member
    The "solution" provided by ZyXEL is hopefully just a workaround. After the patch I installed the provided firmware upgrade on NAS540 and NAS326 and I was able to edit the password for the admin user within the configuration menu. There was no claim regarding a '!' in the password. Enter new password, save the configuration and login again. Voila, the password will be prompted as incorrect in cause of the missing symbol. In fact, the new firmware accepts symbols by changing the user password via menu, but the login screen is protected against the vulnerability. Sorry ZyXEL, but these were the last products I bought from you.
  • Zyxel_Steven
    Zyxel_Steven Posts: 246  Zyxel Employee
    To fix the remote code execution vulnerability, the latest firmware doesn't allow special characters !  #  $  %  &  (  -  | as password.

    There is a known issue that user can modify password included special characters !  #  $  %  &  (  -  | when go to Control Panel > Users > Edit User, but user will not able to login after changed password included special characters !  #  $  %  &  (  -  |. We will fix it in next official firmware to comprehensive forbid special characters !  #  $  %  &  (  -  |.

    If user cannot login the web interface with password included special characters !  #  $  %  &  (  -  | after firmware update is finished, please press the hardware reset button at the back of NAS for 2 seconds, and will hear one beep sound, then release the hardware reset button. This resets the NAS's IP address and password to the default setting (admin/1234).

    Please note,
    1. This reset will not erase all configuration of NAS device, it will only reset the password for admin and the network IP.
    2. This reset will not cause any data loss or damage in your NAS device or disk.
    3. If the IP of NAS device was set for manually, the IP would switch to automatically after the reset. Please access Web GUI >> Control Panel >> Network >> TCP/IP >> Network Interface to re-configure the network Settings.

Consumer Product Help Center