FAQ - Upgrading latest NAS remote code execution vulnerability firmware
Zyxel_Support
Posts: 436 Zyxel Employee
1. How to do online firmware upgrade?
Please follow below steps to do online firmware upgrade. (Make sure your NAS is able to access the Internet)
1. Please enter your NAS GUI. There are three ways to access GUI1) findme website to access GUI
2) type NAS IP in browser to access GUI, you can view the NAS IP from DHCP list of your Router.
3) type NAS model name in the browser
2. Click Control Panel >> System >> FW Upgrade >> Latest Firmware Check
3. Click “Check Now” to check the latest firmware version.
4. Click "Upgrade Now" to upgrade the firmware.
2. Not able to login after Firmware Upgrade
To avoid the remote code execution vulnerability, the password doesn't accept special characters ! # $ % & ( - | after updated to the latest firmware.If you cannot login the web interface after upgrade, please press the hardware reset button at the back of NAS for 2 seconds, and you will hear one beep sound, then release the hardware reset button. This resets the NAS's IP address and password to the default setting (admin/1234).
Please note,
1. This reset will not erase all configuration of NAS device, it will only reset the password for admin and the network IP.
2. This reset will not cause any data loss or damage in your NAS device or disk.
3. If the IP of NAS device was as static IP, the IP would switch to automatically after the reset. Please access Web GUI >> Control Panel >> Network >> TCP/IP >> Network Interface to re-configure the network Settings.
If you still have problems or questions, feel free to leave comments below.
Updated.
NAS326: V5.21(AAZF.8)C0NAS520: V5.21(AASZ.4)C0
NAS540: V5.21(AATB.5)C0
NAS542: V5.21(ABAG.5)C0
The release note is in the attachment.
0
Comments
-
On NAS 542, after the "1 Beep" reset the STATIC IP remains UNCHANGED !
0 -
I couldn't use special character [ ]{ } in the password as well.0
-
NAS540: V5.21(AATB.5)C0 Firmware not available in the download section0
-
Hello, I have installed a NAS326 and the upgrade. I can no longer log in as admin. (Password with !) After the hardware reset has beeped no login is still possible. Even a long HW reset with many beep does not change anything ... What can I do?0
-
@SEDI,
V5.21(AATB.5)C0 is available on my NAS540, please check it again via "Check Now".
Or you can download firmware file (ftp://ftp2.zyxel.com/NAS540/firmware/521AATB5C0.bin) and update it manually. Official FTP: ftp://ftp2.zyxel.com/NAS540/firmware/
1 -
Hi @cssml,
What is the current firmware version on your NAS326?Please press the hardware reset button at the back of NAS for 2 seconds, and you will hear one beep sound, then release the hardware reset button. This resets the NAS's IP address and password to the default setting (admin/1234).Hello, I have installed a NAS326 and the upgrade. I can no longer log in as admin. (Password with !) After the hardware reset has beeped no login is still possible. Even a long HW reset with many beep does not change anything ... What can I do?
0 -
@Mel, thanks i didn't know there was an ftp available...But what i've ment was that its not in the download section, as shown here:The thing is, i tried to open a discussion a week ago...still not approved yet..Dont know whats taking them so long...-.- Anyway. Great Support times..-.-I had the problem that if one of my NAS540 boxes has connected a LAN cable to Port-2, but without providing an IP(169.168.xxx.xxx),the NAS will try to download the FW-update via Port-2 instead of the configured Gateway Port-1. Therefore i always received the error that the server is not available.
At that time (1 week ago) i had no physical access to the nas-box. Therefore i could not disconnect the cable from Port-2. Manually reconfigure network settings was also not working. It still used Port-2 for the Update-Search. At that time i couldnt find the .bin file somewhere else (e.g. Supportpage) to download. In the mean time now i had access and removed lan2 cable. -> Update started right away.Anyway - Thanks for the ftp link, I'll keep it for the future.
0 -
I also have this problem, if someone has a solution, please tell me0
-
Hi, i got stuck in the upgrade progress... 10 hours now.. what to do?
I notices that the network filesharing to the disc was slow and the CPU was 100%. Then i clicked the upgrade online and then it is now stuck...
0 -
Upgrading takes only 5 minutes. So it's stuck. Just reboot it.
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 147 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight