Zyxel security advisory for the remote code execution vulnerability of NAS products
Comments
-
A quick update to my previous post: In fact there is one of the special characters !§$%&? etc. in the password that no longer works. However, current password policies usually enforce the password to consist of- lower case letters- upper case letters- numbers- special characters@Zyxel: Please improve your solution to filter the input strings! Special characters are mandatory in passwords! You can't be serious to disallow special characters.1
-
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
0 -
Nas540 infected with this ransom ware, what should i do?
I have the ransom.txt in every folder, but no files is encrypted yet? i have backup of the cruzial files but have u bunch of videos etc that i dont have backup for.
Installed the new firmware today, i can access my files etc but wonder is the ransomware still active or whiped out with the new firmware?
What can i do? How do i run a malware program on the nas to check?
/ Thanks0 -
Do not assume the ransomware is gone with installing the new firmware. It's trivial to install something on the NAS which will survive reboots and firmware upgrades.How do i run a malware program on the nas to check?You can't. You can enable the ssh server, login over ssh and run 'ps' to see if there are any suspicious processes. Or you can try to find the ransomware on disk. I wrote about that here.Further you can try to save your files by copying them, or by switching off the NAS. In the latter case you'll have to use another Linux system to read the disks.
0 -
Ok, i have now backup of everything i need so today i plan to do a full reset of the nas.
Only thing is that it´s years ago i did any thing in this nas so i don´t remember the steps yet 3x 4tb wd red discs in raid 5? Any pointers?
0 -
You should 'reset' the disks, to make sure the malware can't hide there. Enable the ssh server, login over ssh as root (using your admin password). If you are using Windows you can use PuTTY for that.Then executedd if=/dev/zero of=/dev/sda count=2048dd if=/dev/zero of=/dev/sdb count=2048dd if=/dev/zero of=/dev/sdc count=2048dd if=/dev/zero of=/dev/sdd count=2048This will overwrite the first 1MiB of all disks with zero's, wiping the partition tables. If you now do a factory reset (keep the reset button pressed until it beeped 3 times), the NAS will be as new, with empty disks. Login on the webinterface (admin/1234), and create a new volume.
0 -
Thanks i will take a look at that, i do rember using putty a few years ago.0
-
Dear Zyxel,
You had two weeks to fix the password bug login problem in this fix, but you did it not, shame on you!
I encourage the same problem with web GUI login yesterday, ssh login works.
Even changing password in the ssh without special characters do not fix web GUI login issue.
0 -
-
@Bartek,
There is a known issue that user can modify password included special characters ! # $ % & ( - | when go to Control Panel > Users > Edit User, but user will not able to login after changed password included special characters ! # $ % & ( - |. We will fix it in next official firmware to comprehensive forbid special characters ! # $ % & ( - |.
// Updated.
NAS326: V5.21(AAZF.8)C0
NAS520: V5.21(AASZ.4)C0
NAS540: V5.21(AATB.5)C0
NAS542: V5.21(ABAG.5)C0
The release note is in the attachment.
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 144 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 237 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 384 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight