Issues with firmware V5.21(AAZF.7) on NAS326
Comments
-
Thanks for the reply Steven. I resetted the password yesterday with the mentioned method. It was the same procedure after installing the patch before.
Is it true, that the current status of the firmware is not to use special charaters? If so, why don't ZyXEL also modified the webpage (user administration), where a user can enter a new password?0 -
Is it true, that the current status of the firmware is not to use special charaters? If so, why don't ZyXEL also modified the webpage (user administration), where a user can enter a new password?@masterflai,
We will fix it in next official firmware to forbid user can modify the new password include special characters ! # $ % & ( - | to cause login issue.
0 -
@Zyxel_Steven : Can you elaborate on that? I don't see how ! ( and - can trigger the bug. But I can trigger the bug without any of the characters you list here:wget http://nas520.lan/adv,/cgi-bin/weblogin.cgi --post-data="username=a';touch /tmp/x;'"will create a file /tmp/x
1 -
@Zyxel_Steven : In this context, would not a proper input validation be much more useful and the correct way to deal with the threat? In my eyes, prohibiting special characters is at most a workaround to save time.
Please dear ZyXEL team, do it better this time. You can do it if you try hard.
0 -
Updated.
NAS326: V5.21(AAZF.8)C0
NAS520: V5.21(AASZ.4)C0
NAS540: V5.21(AATB.5)C0
NAS542: V5.21(ABAG.5)C0
The release note is in the attachment.
0 -
When is this Update V5.21(AAZF.8)C0 available ??0
-
Hi Mirolein,
You can go to Control Panel > System > FW Upgrade > Latest Firmware Check to upgrade it or download FW and upgrade it manually at Manual Firmware Upgrade. (ftp://ftp2.zyxel.com/NAS326/firmware/)
1 -
Thank you, i got it with System - Upgrade0
-
With that version, the problem with special character is still thereV5.21(AAZF.9)C0
You really do not feel good when your are unable to log in :-(
And if yo try to reset the password and you type again a password with special character it still doesn't work. You have to find that forum to undesrtand what is wrong0 -
Dear Sir,On the latest firmware, the special character is not able to put into the passwordPlease refer to the FAQ below0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 147 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight