FAQ - Upgrading latest NAS remote code execution vulnerability firmware

Zyxel_Support
Zyxel_Support Posts: 436  Zyxel Employee
edited December 2020 in Personal Cloud Storage

1.   How to do online firmware upgrade?

Please follow below steps to do online firmware upgrade. (Make sure your NAS is able to access the Internet)

1. Please enter your NAS GUI. There are three ways to access GUI
         1) findme website to access GUI
         2) type NAS IP in browser to access GUI, you can view the NAS IP from DHCP list of your Router.
         3) type NAS model name in the browser

2. Click Control Panel >>  System >> FW Upgrade >> Latest Firmware Check

3. Click “Check Now” to check the latest firmware version.
4. Click "Upgrade Now" to upgrade the firmware.


2.   Not able to login after Firmware Upgrade

To avoid the remote code execution vulnerability, the password doesn't accept special characters !  #  $  %  &  (  -  | after updated to the latest firmware.
If you cannot login the web interface after upgrade, please press the hardware reset button at the back of NAS for 2 seconds, and you will hear one beep sound, then release the hardware reset button. This resets the NAS's IP address and password to the default setting (admin/1234).


Please note,

1. This reset will not erase all configuration of NAS device, it will only reset the password for admin and the network IP. 
2. This reset will not cause any data loss or damage in your NAS device or disk.
3. If the IP of NAS device was as static IP, the IP would switch to automatically after the reset. Please access Web GUI >> Control Panel >> Network >> TCP/IP >> Network Interface to re-configure the network Settings.
 
If you still have problems or questions, feel free to leave comments below. 

Updated.

NAS326: V5.21(AAZF.8)C0
NAS520: V5.21(AASZ.4)C0
NAS540: V5.21(AATB.5)C0
NAS542: V5.21(ABAG.5)C0

The release note is in the attachment.
«1

Comments

  • AntonioDB
    AntonioDB Posts: 3  Freshman Member
    edited March 2020
    On NAS 542, after the "1 Beep" reset the STATIC IP remains UNCHANGED !
  • Kaz
    Kaz Posts: 1
    I couldn't use special character [ ]{ } in the password as well. 
  • SEDI
    SEDI Posts: 3  Freshman Member
    NAS540: V5.21(AATB.5)C0 Firmware not available in the download section :'(
  • cssml
    cssml Posts: 1
    edited April 2020

    Hello, I have installed a NAS326 and the upgrade. I can no longer log in as admin. (Password with !) After the hardware reset has beeped no login is still possible. Even a long HW reset with many beep does not change anything ... What can I do?
  • Mel
    Mel Posts: 83  Ally Member
    @SEDI,

    V5.21(AATB.5)C0 is available on my NAS540, please check it again via "Check Now".



    Or you can download firmware file (ftp://ftp2.zyxel.com/NAS540/firmware/521AATB5C0.bin) and update it manually. Official FTP: ftp://ftp2.zyxel.com/NAS540/firmware/
  • lodiabai
    lodiabai Posts: 120  Ally Member
    Hi @cssml,

    What is the current firmware version on your NAS326?

    Hello, I have installed a NAS326 and the upgrade. I can no longer log in as admin. (Password with !) After the hardware reset has beeped no login is still possible. Even a long HW reset with many beep does not change anything ... What can I do?
    Please press the hardware reset button at the back of NAS for 2 seconds, and you will hear one beep sound, then release the hardware reset button. This resets the NAS's IP address and password to the default setting (admin/1234).
  • SEDI
    SEDI Posts: 3  Freshman Member
    @Mel, thanks i didn't know there was an ftp available...
    But what i've ment was that its not in the download section, as shown here:



    The thing is, i tried to open a discussion a week ago...still not approved yet..Dont know whats taking them so long...-.- Anyway. Great Support times..-.-


    I had the problem that if one of my NAS540 boxes has connected a LAN cable to Port-2, but without providing an IP(169.168.xxx.xxx),the NAS will try to download the FW-update via Port-2 instead of the configured Gateway Port-1. Therefore i always received the error that the server is not available.
    At that time (1 week ago) i had no physical access to the nas-box. Therefore i could not disconnect the cable from Port-2. Manually reconfigure network settings was also not working. It still used Port-2 for the Update-Search. At that time i couldnt find the .bin file somewhere else (e.g. Supportpage) to download. In the mean time now i had access and removed lan2 cable. -> Update started right away.


    Anyway - Thanks for the ftp link, I'll keep it for the future.





  • I also have this problem, if someone has a solution, please tell me
  • Andreas999
    Andreas999 Posts: 1
    edited August 2020
    Hi, i got stuck in the upgrade progress... 10 hours now.. what to do?
    I notices that the network filesharing to the disc was slow and the CPU was 100%. Then i clicked the upgrade online and then it is now stuck...
  • Mijzelf
    Mijzelf Posts: 2,790  Guru Member
    250 Answers 2500 Comments Friend Collector Seventh Anniversary
    Upgrading takes only 5 minutes. So it's stuck. Just reboot it.

Consumer Product Help Center