Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Pages: 1 ... 51 52 [53] 54 55 ... 64

Author Topic: ZyXEL VMG8324-B10A Firmware  (Read 347600 times)

highpriest

  • Reg Member
  • ***
  • Posts: 255
Re: ZyXEL VMG8324-B10A Firmware
« Reply #780 on: August 01, 2017, 09:00:35 PM »

Regarding the supervisor password from V18 onwards, I have had a flat refusal to provide it as they say it is for ZyXEL developers only. I am going to try to argue that since I own the router and do not want to allow anyone access that I do not have full control over. This effectively allows ZyXEL access to your router without you having control if you are foolish enough to open the WAN side.

So dumpmdm no longer exposes the password like it did in v16?
Logged
Zen | Zyxel VMG8324-B10A (with RFC4638 patch) | EdgeRouter PoE | UniFi AP AC Pro + Lite

broadstairs

  • Kitizen
  • ****
  • Posts: 3231
Re: ZyXEL VMG8324-B10A Firmware
« Reply #781 on: August 01, 2017, 09:20:03 PM »

That we dont know, needs someone who already has V18 installed to try it and see. Plus we have no dumpmdm on the 3925 model.

Stuart
Logged
ISP:TalkTalk Connection:FTTC Cab:ECI Router:Netgear D6220

banger

  • Reg Member
  • ***
  • Posts: 813
  • Uno comms 80/20
Re: ZyXEL VMG8324-B10A Firmware
« Reply #782 on: August 01, 2017, 09:39:41 PM »

Trouble is with all this open discussion on the forum, ZyXEL can easily google these topics and close off these avenues of supervisor access which seems to have happened with the 3925 eg dumpmdm not available.
Logged
Tim
www.uno.net.uk & freenetname
Asus DSL-N55U and ZyXEL VMG1312-B10A Bridge on 80 Meg TTB Fibre

https://www.thinkbroadband.com/speedtest/1502566996147131655

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 6006
Re: ZyXEL VMG8324-B10A Firmware
« Reply #783 on: August 02, 2017, 03:20:31 AM »

yeah I suspect thats what probably has happened.

It would seem when they rerandomise the password, the supervisor account gets locked out again on a firmware change when thats put in as a change, meaning once someone has the password it becomes risky to change the firmware, however I assume if admin has had extra privileges assigned to it then they will stay intact as long as a config reset is not carried out.
Logged
AAISP - Billion 8800NL bridge & PFSense BOX running PFSense 2.4 - ECI Cab - LINE STATISTICS CLICK HERE

tubaman

  • Kitizen
  • ****
  • Posts: 4587
Re: ZyXEL VMG8324-B10A Firmware
« Reply #784 on: August 02, 2017, 08:55:28 AM »

When I upgraded my 8924 from V15 to V16 the privilege changes to the admin account were not retained and I had to reassign them via the supervisor account.
This happened just with the forced reboot following the upgrade.
Logged
BT FTTC 80/20 Huawei Cab - Zyxel VMG8924-B10A

Iam_TJ

  • Reg Member
  • ***
  • Posts: 102
Re: ZyXEL VMG8324-B10A Firmware
« Reply #785 on: August 02, 2017, 10:58:08 AM »

Regarding the supervisor password from V18 onwards, I have had a flat refusal to provide it as they say it is for ZyXEL developers only. I am going to try to argue that since I own the router and do not want to allow anyone access that I do not have full control over. This effectively allows ZyXEL access to your router without you having control if you are foolish enough to open the WAN side.

Stuart
Their argument holds no authority. Firstly, how would their developers access **YOUR** device? If they did, that infers the pasword is *not* random but generated from some deterministic value. I would have assumed either the serial number of, more likely, MAC address. It makes some sense if they (or an ISP that owns/loans the device as CPE) needs to ensure the customer cannot corrupt or otherwise compromise the device. But for devices owned by you the password should be available.

As an aside, if you want to generate new passwords for /etc/passwd (which is a sym-link to /var/passwd) - works on-device as well as on a regular GNU/Linux PC:
Code: [Select]
openssl passwd -crypt -salt <salt> <password>
E.g (salt is first two characters of the password field):
Code: [Select]
cat /etc/passwd
supervisor:aOckvcOVkwRgM:0:0:Administrator:/:/bin/sh
nobody:c50G7APIa951c:99:99:nobody for ftp:/:/bin/false
admin:mTzCzri5uT0V.:100:1:Administrator:/:/bin/sh
So, for user "admin" with password "1234":
Code: [Select]
~ # openssl passwd -crypt -salt mT 1234
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
mTzCzri5uT0V.
What is worrying is that the supervisor password is also used for the "nobody" user which is used for FTP etc!
Code: [Select]
# the "supervisor" user:
~ # openssl passwd -crypt -salt aO 30eec8cf
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
aOckvcOVkwRgM

# the "nobody" user:
~ # openssl passwd -crypt -salt c5 30eec8cf
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
c50G7APIa951c

[code]
« Last Edit: August 02, 2017, 11:04:43 AM by Iam_TJ »
Logged

NewtronStar

  • Kitizen
  • ****
  • Posts: 4844
Re: ZyXEL VMG8324-B10A Firmware
« Reply #786 on: August 04, 2017, 12:01:02 PM »

Have installed (V16)CO firmware onto the 8924-B10A previously using (V10)CO  under security >firewall>dos the Deny Ping Response selection has disappeared the DoS attack protection is still there. I had enabled Ping Responses (Block) on (V10) and is still blocking them in (V16)

Is there another way to access or change the settings ?   
Logged

npr

  • Reg Member
  • ***
  • Posts: 255
Re: ZyXEL VMG8324-B10A Firmware
« Reply #787 on: August 04, 2017, 12:37:47 PM »

Have a look in Mainenance > Remote MGMT

I have ICMP ticked for "LAN/WLAM" and "Trusted Domain"

In the "Trusted Domain" tab I have the IP address blocks for tbb ping graph.


Logged

NewtronStar

  • Kitizen
  • ****
  • Posts: 4844
Re: ZyXEL VMG8324-B10A Firmware
« Reply #788 on: August 04, 2017, 12:49:45 PM »

Thanks for that npr and indeed also see ICMP is ticked will un-tick it later and run sheilds up
Logged

Iam_TJ

  • Reg Member
  • ***
  • Posts: 102
Re: ZyXEL VMG8324-B10A Firmware
« Reply #789 on: August 04, 2017, 01:28:23 PM »

I've been told by Zyxel support today that version 18 is being withdrawn and therefore they won't provide the source-code for it!

I've pointed out they are, therefore, in breach of the copyright licence covering major components and must immediately stop distributing firmware updates :)

Maybe v18 has so many bugs and regressions that v19 is being rushed out for 16th August.
Logged

broadstairs

  • Kitizen
  • ****
  • Posts: 3231
Re: ZyXEL VMG8324-B10A Firmware
« Reply #790 on: August 04, 2017, 03:35:29 PM »

Probably want to lockout supervisor password further!!

Stuart
Logged
ISP:TalkTalk Connection:FTTC Cab:ECI Router:Netgear D6220

highpriest

  • Reg Member
  • ***
  • Posts: 255
Re: ZyXEL VMG8324-B10A Firmware
« Reply #791 on: August 04, 2017, 03:46:33 PM »

Maybe v18 has so many bugs and regressions that v19 is being rushed out for 16th August.

Sounds like it. Good thing I didn't upgrade to v18.
Logged
Zen | Zyxel VMG8324-B10A (with RFC4638 patch) | EdgeRouter PoE | UniFi AP AC Pro + Lite

Iam_TJ

  • Reg Member
  • ***
  • Posts: 102
Re: ZyXEL VMG8324-B10A Firmware
« Reply #792 on: August 26, 2017, 09:16:53 AM »

Well, so much for the v19 being released 16th August as I was told. Obviously delayed, but also - despite telling me they weren't going to provide the v18 source code due to v19 coming out almost immediately - Zyxel sent me the (Google Drive) download link this week for v18 source code.
Logged

george7272

  • Member
  • **
  • Posts: 40
Re: ZyXEL VMG8324-B10A Firmware
« Reply #793 on: August 27, 2017, 03:53:50 AM »

So is V18 a valid firmware where we can upgrade or there is V19 coming out soon?
Logged

j0hn

  • Kitizen
  • ****
  • Posts: 2683
Re: ZyXEL VMG8324-B10A Firmware
« Reply #794 on: August 27, 2017, 04:05:30 AM »

So is V18 a valid firmware where we can upgrade or there is V19 coming out soon?
It never got pulled. It's still the newest firmware available. The 16th August came and went and no v19. I installed v18 and it was working fine, though I've since switched to a VMG1312-B10A.

ftp://ftp2.zyxel.com/VMG8924-B10A/firmware/
Logged
Plusnet FTTC 80/20 -  ECI now Huawei cab
retx low @ 3dB target SNRM
Zyxel VMG1312-B10A bridged with 1508 MTU + Asus RT-AC68U running Asuswrt-Merlin
Pages: 1 ... 51 52 [53] 54 55 ... 64
 

anything