« Back to all recent discussions

FAQ - Upgrading latest NAS remote code execution vulnerability firmware

Zyxel_SupportZyxel_Support Posts: 431  Zyxel Moderator
edited March 26 in Discussions

1.   How to do online firmware upgrade?

Please follow below steps to do online firmware upgrade. (Make sure your NAS is able to access the Internet)

1. Please enter your NAS GUI. There are three ways to access GUI
         1) findme website to access GUI
         2) type NAS IP in browser to access GUI, you can view the NAS IP from DHCP list of your Router.
         3) type NAS model name in the browser

2. Click Control Panel >>  System >> FW Upgrade >> Latest Firmware Check

3. Click “Check Now” to check the latest firmware version.
4. Click "Upgrade Now" to upgrade the firmware.


2.   Not able to login after Firmware Upgrade

To avoid the remote code execution vulnerability, the password doesn't accept special characters !  #  $  %  &  (  -  | after updated to the latest firmware.
If you cannot login the web interface after upgrade, please press the hardware reset button at the back of NAS for 2 seconds, and you will hear one beep sound, then release the hardware reset button. This resets the NAS's IP address and password to the default setting (admin/1234).


Please note,

1. This reset will not erase all configuration of NAS device, it will only reset the password for admin and the network IP. 
2. This reset will not cause any data loss or damage in your NAS device or disk.
3. If the IP of NAS device was as static IP, the IP would switch to automatically after the reset. Please access Web GUI >> Control Panel >> Network >> TCP/IP >> Network Interface to re-configure the network Settings.
 
If you still have problems or questions, feel free to leave comments below. 

Updated.

NAS326: V5.21(AAZF.8)C0
NAS520: V5.21(AASZ.4)C0
NAS540: V5.21(AATB.5)C0
NAS542: V5.21(ABAG.5)C0

The release note is in the attachment.

Comments

  • AntonioDBAntonioDB Posts: 3  Junior Member
    edited March 18
    On NAS 542, after the "1 Beep" reset the STATIC IP remains UNCHANGED !
  • KazKaz Posts: 1
    I couldn't use special character [ ]{ } in the password as well. 
  • alfred0809alfred0809 Posts: 1
    Pull out the faulty 2TB drive and replace wit with a 3TB drive. Rebuild array. One-by-one, replace each 2TB drive with a 3TB drive and rebuild array each time.
Sign In or Register to comment.