ZyNOS

Edit links
Source: Wikipedia, the free encyclopedia.

ZyNOS is the proprietary operating system used on network devices made by

Network Operating System
(NOS).

History

Zyxel first introduced ZyNOS in 1998.[2]

Versions

Zyxel released ZyNOS version 4.0 for their GS2200 series 24 and 48 port

ethernet switches in April, 2012.[3]
It appears that versions differ between Zyxel products.

Access methods

Web and/or

SSH or telnet.[5]

CLI command types

Listed below are the categories that the CLI commands are grouped by.[6]

  • system-related commands
  • exit command
  • Ethernet-related commands
  • WAN-related commands
  • WLAN
    -related commands
  • IP-related commands
  • PPP
    -related commands
  • bridge-related commands
  • RADIUS-related commands
  • 802.1x
    -related commands
  • firewall-related commands
  • configuration-related commands
  • SMT-related commands.

Web Configurator

The Web Configurator is divided into the following categories:[7][4]

  • basic settings
  • advanced application
  • IP application
  • management

Security advisories

As of January 2014 a ZyNOS ROM-0 vulnerability has been identified.[8] This vulnerability allowed attacker to download router's configuration (ROM-0 file) without any type of authentication required. Such configuration file can be later decompressed[9][10] to expose router's administrator password, ISP password, wireless password etc.

As of March 2014, Danish computer security company

Secunia reports no unpatched advisories or vulnerabilities on ZyNOS version 4.x.[11]

As of March 2014[update], Secunia reports seven advisories and six vulnerabilities on ZyNOS version 3.x. Five advisories are unpatched; Secunia rates the most severe unpatched advisory as less critical.[12]

As of January 2015, a DNS vulnerability has been found in certain ZyNOS firmware versions. The versions that are affected have not been narrowed down. The attack can be done from a remote location regardless if the user interface is accessible from the outside of a LAN.[13]

References

  1. ^ Tseng, Mickey. "ZyNOS General FAQ". Zyxeltech.de. Retrieved 2014-03-07.
  2. ^ "Timeline". Archived from the original on 2012-05-31. Retrieved 2012-06-06.
  3. ^ "ZYXEL LAUNCHES IPv6 UPGRADE FOR BUSINESS SECURITY GATEWAYS AND ETHERNET SWITCHES". Archived from the original on 2012-05-12. Retrieved 2012-06-06.
  4. ^ a b "ZyBook2.book" (PDF). Retrieved 2014-03-07.
  5. ^ "Ethernet Switch Reference Guide V3.90 (Nov 2008)" (PDF). Retrieved 2014-03-07.
  6. ^ Tseng, Mickey. "ZyNOS CI Command List". Zyxeltech.de. Retrieved 2014-03-07.
  7. ^ ftp://ftp2.zyxel.com/GS2200-24P/user_guide/GS2200-24P_4.00_ed1.pdf
  8. ^ Nasro (2014-01-11). "How I saved your a** from the ZynOS (rom-0) attack !! ( Full disclosure )". root@Nasro. Retrieved 2019-08-18.
  9. ^ "ZyNOS ROM-0 DECODER".
  10. ^ Soo, Jacob (2015-05-12), GitHub - jacobsoo/ROM0_Decoder: Rom0 Decoder., retrieved 2019-08-18
  11. ^ "ZyXEL ZyNOS 4.x". Secunia. Retrieved 2014-03-07.
  12. ^ "ZyXEL ZyNOS 3.x". Secunia. Retrieved 2014-03-07.
  13. ^ "DNS hijacking flaw affects D-Link DSL router, possibly other devices". Lucian Constantin. Retrieved 2015-01-30.
Retrieved from "https://en.wikipedia.org/w/index.php?title=ZyNOS&oldid=1049311766"
This page is based on the copyrighted Wikipedia article: ZyNOS. Articles is available under the CC BY-SA 3.0 license; additional terms may apply.Privacy Policy