« Back to all recent discussions

FAQ - Upgrading latest NAS remote code execution vulnerability firmware

Zyxel_SupportZyxel_Support Posts: 435  Zyxel Moderator
edited March 26 in Discussions

1.   How to do online firmware upgrade?

Please follow below steps to do online firmware upgrade. (Make sure your NAS is able to access the Internet)

1. Please enter your NAS GUI. There are three ways to access GUI
         1) findme website to access GUI
         2) type NAS IP in browser to access GUI, you can view the NAS IP from DHCP list of your Router.
         3) type NAS model name in the browser

2. Click Control Panel >>  System >> FW Upgrade >> Latest Firmware Check

3. Click “Check Now” to check the latest firmware version.
4. Click "Upgrade Now" to upgrade the firmware.


2.   Not able to login after Firmware Upgrade

To avoid the remote code execution vulnerability, the password doesn't accept special characters !  #  $  %  &  (  -  | after updated to the latest firmware.
If you cannot login the web interface after upgrade, please press the hardware reset button at the back of NAS for 2 seconds, and you will hear one beep sound, then release the hardware reset button. This resets the NAS's IP address and password to the default setting (admin/1234).


Please note,

1. This reset will not erase all configuration of NAS device, it will only reset the password for admin and the network IP. 
2. This reset will not cause any data loss or damage in your NAS device or disk.
3. If the IP of NAS device was as static IP, the IP would switch to automatically after the reset. Please access Web GUI >> Control Panel >> Network >> TCP/IP >> Network Interface to re-configure the network Settings.
 
If you still have problems or questions, feel free to leave comments below. 

Updated.

NAS326: V5.21(AAZF.8)C0
NAS520: V5.21(AASZ.4)C0
NAS540: V5.21(AATB.5)C0
NAS542: V5.21(ABAG.5)C0

The release note is in the attachment.

Comments

  • AntonioDBAntonioDB Posts: 3  Junior Member
    edited March 18
    On NAS 542, after the "1 Beep" reset the STATIC IP remains UNCHANGED !
  • KazKaz Posts: 1
    I couldn't use special character [ ]{ } in the password as well. 
  • SEDISEDI Posts: 3  Junior Member
    NAS540: V5.21(AATB.5)C0 Firmware not available in the download section :'(
  • cssmlcssml Posts: 1
    edited April 6

    Hello, I have installed a NAS326 and the upgrade. I can no longer log in as admin. (Password with !) After the hardware reset has beeped no login is still possible. Even a long HW reset with many beep does not change anything ... What can I do?
  • MelMel Posts: 80  Warrior Member
    @SEDI,

    V5.21(AATB.5)C0 is available on my NAS540, please check it again via "Check Now".



    Or you can download firmware file (ftp://ftp2.zyxel.com/NAS540/firmware/521AATB5C0.bin) and update it manually. Official FTP: ftp://ftp2.zyxel.com/NAS540/firmware/
  • lodiabailodiabai Posts: 96  Warrior Member
    Hi @cssml,

    What is the current firmware version on your NAS326?

    Hello, I have installed a NAS326 and the upgrade. I can no longer log in as admin. (Password with !) After the hardware reset has beeped no login is still possible. Even a long HW reset with many beep does not change anything ... What can I do?
    Please press the hardware reset button at the back of NAS for 2 seconds, and you will hear one beep sound, then release the hardware reset button. This resets the NAS's IP address and password to the default setting (admin/1234).
  • SEDISEDI Posts: 3  Junior Member
    @Mel, thanks i didn't know there was an ftp available...
    But what i've ment was that its not in the download section, as shown here:



    The thing is, i tried to open a discussion a week ago...still not approved yet..Dont know whats taking them so long...-.- Anyway. Great Support times..-.-


    I had the problem that if one of my NAS540 boxes has connected a LAN cable to Port-2, but without providing an IP(169.168.xxx.xxx),the NAS will try to download the FW-update via Port-2 instead of the configured Gateway Port-1. Therefore i always received the error that the server is not available.
    At that time (1 week ago) i had no physical access to the nas-box. Therefore i could not disconnect the cable from Port-2. Manually reconfigure network settings was also not working. It still used Port-2 for the Update-Search. At that time i couldnt find the .bin file somewhere else (e.g. Supportpage) to download. In the mean time now i had access and removed lan2 cable. -> Update started right away.


    Anyway - Thanks for the ftp link, I'll keep it for the future.





  • I also have this problem, if someone has a solution, please tell me
  • Andreas999Andreas999 Posts: 1
    edited August 15
    Hi, i got stuck in the upgrade progress... 10 hours now.. what to do?
    I notices that the network filesharing to the disc was slow and the CPU was 100%. Then i clicked the upgrade online and then it is now stuck...
  • MijzelfMijzelf Posts: 1,278  Paragon Member
    Upgrading takes only 5 minutes. So it's stuck. Just reboot it.
  • Hello, I have installed a NAS326 and the upgrade. I can no longer log in as admin. (Password with !) After the hardware reset has beeped no login is still possible. Even a long HW reset with many beep does not change anything ... What can I do?
Sign In or Register to comment.