ZyNOS

ZyNOS is the proprietary operating system used on network devices made by Zyxel Communications. [1] The name is a contraction of Zyxel and Network Operating System (NOS).

History

Zyxel first introduced ZyNOS in 1998. [2]

Versions

Zyxel released ZyNOS version 4.0 for its GS2200 series 24- and 48-port Ethernet switches in April 2012. [3] Versions appear to differ between Zyxel products.

Access methods

ZyNOS devices are accessed through a web interface, a command-line interface (CLI), or both, depending on the device. Web access is accomplished by connecting an Ethernet cable between a PC and an open port on the device and entering the IP address of the device into the web browser. [4] An RS-232 serial console port is provided on some devices for CLI access, which is accomplished by using SSH or telnet. [5]

CLI command types

Listed below are the categories that the CLI commands are grouped by. [6]

Web Configurator

The Web Configurator is divided into the following categories: [7] [4]

Security advisories

As of January 2014, a ZyNOS ROM-0 vulnerability has been identified. [8] This vulnerability allowed an attacker to download the router's configuration (the ROM-0 file) without any type of authentication. Such a configuration file can later be decompressed [9] [10] to expose the router's administrator password, ISP password, wireless password, etc.

As of March 2014, Danish computer security company Secunia reports no unpatched advisories or vulnerabilities on ZyNOS version 4.x. [11]

As of March 2014, Secunia reports seven advisories and six vulnerabilities on ZyNOS version 3.x. Five advisories are unpatched; Secunia rates the most severe unpatched advisory as less critical. [12]

As of January 2015, a DNS vulnerability has been found in certain ZyNOS firmware versions. The affected versions have not been narrowed down. The attack can be carried out from a remote location regardless of whether the user interface is accessible from outside the LAN. [13]

References

  1. Tseng, Mickey. "ZyNOS General FAQ". Zyxeltech.de. Retrieved 2014-03-07.
  2. "Timeline". Archived from the original on 2012-05-31. Retrieved 2012-06-06.
  3. "ZYXEL LAUNCHES IPv6 UPGRADE FOR BUSINESS SECURITY GATEWAYS AND ETHERNET SWITCHES". Archived from the original on 2012-05-12. Retrieved 2012-06-06.
  4. "ZyBook2.book" (PDF). Retrieved 2014-03-07.
  5. "Ethernet Switch Reference Guide V3.90 (Nov 2008)" (PDF). Retrieved 2014-03-07.
  6. Tseng, Mickey. "ZyNOS CI Command List". Zyxeltech.de. Retrieved 2014-03-07.
  7. ftp://ftp2.zyxel.com/GS2200-24P/user_guide/GS2200-24P_4.00_ed1.pdf
  8. Nasro (2014-01-11). "How I saved your a** from the ZynOS (rom-0) attack !! ( Full disclosure )". root@Nasro. Retrieved 2019-08-18.
  9. "ZyNOS ROM-0 DECODER".
  10. Soo, Jacob (2015-05-12). "GitHub - jacobsoo/ROM0_Decoder: Rom0 Decoder". Retrieved 2019-08-18.
  11. "ZyXEL ZyNOS 4.x". Secunia. Retrieved 2014-03-07.
  12. "ZyXEL ZyNOS 3.x". Secunia. Retrieved 2014-03-07.
  13. "DNS hijacking flaw affects D-Link DSL router, possibly other devices". Lucian Constantin. Retrieved 2015-01-30.