Issues with firmware V5.21(AAZF.7) on NAS326

chris1284 · March 2020

Hi,
After installing firmware V5.21(AAZF.7) on my NAS326 there are some issues:

1. password broken after reboot -> passwort reset works but the NAS dosn't accept passwords with "#" in there
2. RSYNC that uses normally the admin password is not working with the new password (and not with the old one)

is there a solution to set the rsync pw on the nas so that i can logon to the rsync service again?

#NAS_Mar_2020

mirtomi · March 2020

Same issue here on NAS540, cannot access the web interface after firmware upgrade, password contains "#". Any solutions?

Bob2701 · March 2020

Hmm, I guess I'll wait a while.

Mijzelf · March 2020

@mirtomi : read this thread.

@Bob2701: Also read that thread. The previous firmware has a vulnerability which is actively exploited.

Mel · March 2020

As far as I know, to avoid the remote code execution vulnerability, the password doesn't accept special characters ! # $ % & ( - |.

Mijzelf · March 2020

@Mel: Do you have a source for that? I don't see how ! - ( can trigger the bug, and am missing the ;

Tukemoni · March 2020

Hi. I have same issue after update. I can't login via web interface ("The username or password is incorrect."), ssh is working normally with old password. Also file sharing working normally and I can login via Mac finder. My password also includes special character(s). If Mel is right, I could try to change password, but how to do it via ssh?

Mijzelf · March 2020

how to do it via ssh?

You can try to use smbpasswd. If you have changed your password using smbpasswd, you also have to change it once again in the webinterface, to trigger storage in flash.

Tukemoni · March 2020

Thanks, but I will backup and try password resetting with a button as advised.

masterflai · March 2020

The "solution" provided by ZyXEL is hopefully just a workaround. After the patch I installed the provided firmware upgrade on NAS540 and NAS326 and I was able to edit the password for the admin user within the configuration menu. There was no claim regarding a '!' in the password. Enter new password, save the configuration and login again. Voila, the password will be prompted as incorrect in cause of the missing symbol. In fact, the new firmware accepts symbols by changing the user password via menu, but the login screen is protected against the vulnerability. Sorry ZyXEL, but these were the last products I bought from you.

Zyxel_Steven · March 2020

To fix the remote code execution vulnerability, the latest firmware doesn't allow special characters ! # $ % & ( - | as password.

There is a known issue that user can modify password included special characters ! # $ % & ( - | when go to Control Panel > Users > Edit User, but user will not able to login after changed password included special characters ! # $ % & ( - |. We will fix it in next official firmware to comprehensive forbid special characters ! # $ % & ( - |.

If user cannot login the web interface with password included special characters ! # $ % & ( - | after firmware update is finished, please press the hardware reset button at the back of NAS for 2 seconds, and will hear one beep sound, then release the hardware reset button. This resets the NAS's IP address and password to the default setting (admin/1234).

Image: https://us.v-cdn.net/6029482/uploads/editor/y8/zhf936hfq9jg.png

Please note,
1. This reset will not erase all configuration of NAS device, it will only reset the password for admin and the network IP.
2. This reset will not cause any data loss or damage in your NAS device or disk.
3. If the IP of NAS device was set for manually, the IP would switch to automatically after the reset. Please access Web GUI >> Control Panel >> Network >> TCP/IP >> Network Interface to re-configure the network Settings.

Issues with firmware V5.21(AAZF.7) on NAS326

Comments

Categories

Consumer Product Help Center