ZyNOS is the proprietary operating system used on network devices made by Zyxel Communications. [1] The name is a contraction of Zyxel and Network Operating System (NOS).
Zyxel first introduced ZyNOS in 1998. [2]
Zyxel released ZyNOS version 4.0 for their GS2200 series 24 and 48 port ethernet switches in April, 2012. [3] It appears that versions differ between Zyxel products.
Web and/or command-line interface (CLI) depending on the device. Web access is accomplished by connecting an Ethernet cable between a PC and an open port on the device and entering the IP address of the device into the Web browser. [4] An RS-232 serial console port is provided on some devices for CLI access, which is accomplished by using SSH or telnet. [5]
Listed below are the categories that the CLI commands are grouped by. [6]
The Web Configurator is divided into the following categories: [7] [4]
As of January 2014 a ZyNOS ROM-0 vulnerability has been identified. [8] This vulnerability allowed attacker to download router's configuration (ROM-0 file) without any type of authentication required. Such configuration file can be later decompressed [9] [10] to expose router's administrator password, ISP password, wireless password etc.
As of March 2014 [update] , Danish computer security company Secunia reports no unpatched advisories or vulnerabilities on ZyNOS version 4.x. [11]
As of March 2014 [update] , Secunia reports seven advisories and six vulnerabilities on ZyNOS version 3.x. Five advisories are unpatched; Secunia rates the most severe unpatched advisory as less critical. [12]
As of January 2015 [update] , a DNS vulnerability has been found in certain ZyNOS firmware versions. The versions that are affected have not been narrowed down. The attack can be done from a remote location regardless if the user interface is accessible from the outside of a LAN. [13]