ZyNOS

{{Short description|Operating system used by Zyxel Communications}}

ZyNOS is the proprietary operating system used on network devices made by Zyxel Communications.{{cite web |author-first=Mickey |author-last=Tseng |url=http://www.zyxeltech.de/snoteg3000/faq/zynos_faq.htm |title=ZyNOS General FAQ |publisher=Zyxeltech.de |access-date=2014-03-07}} The name is a contraction of Zyxel and Network Operating System (NOS).

History

Zyxel first introduced ZyNOS in 1998.{{cite web |url=http://us.zyxel.com/Corporate/Overview/Timeline.aspx |title=Timeline |access-date=2012-06-06 |url-status=dead |archive-url=https://web.archive.org/web/20120531030430/http://www.us.zyxel.com/Corporate/Overview/Timeline.aspx |archive-date=2012-05-31}}

Versions

Zyxel released ZyNOS version 4.0 for its GS2200 series 24- and 48-port Ethernet switches in April 2012.{{cite web |url=http://us.zyxel.com/Corporate/Pressroom/Press-Release.aspx?npid=568 |title=ZYXEL LAUNCHES IPv6 UPGRADE FOR BUSINESS SECURITY GATEWAYS AND ETHERNET SWITCHES |access-date=2012-06-06 |url-status=dead |archive-url=https://web.archive.org/web/20120512103646/http://us.zyxel.com/Corporate/Pressroom/Press-Release.aspx?npid=568 |archive-date=2012-05-12}} It appears that versions differ between Zyxel products.

Access methods

ZyNOS devices are accessed through a web interface, a command-line interface (CLI), or both, depending on the device. Web access is accomplished by connecting an Ethernet cable between a PC and an open port on the device and entering the IP address of the device into the web browser.{{cite web |url=http://ftp2.zyxel.com/XGS4700-48F/user_guide/XGS4700-48F_1.pdf |title=ZyBook2.book |format=PDF |access-date=2014-03-07}} An RS-232 serial console port is provided on some devices for CLI access, which is accomplished by using SSH or telnet.{{cite web |url=http://ftp2.zyxel.com/XGS4700-48F/cli_reference_guide/XGS4700-48F_1.pdf |title=Ethernet Switch Reference Guide V3.90 (Nov 2008) |format=PDF |access-date=2014-03-07}}

CLI command types

Listed below are the categories that the CLI commands are grouped by.{{cite web |author-first=Mickey |author-last=Tseng |url=http://www.zyxeltech.de/snotep660hw/ci_cmd/p660hw_ci.htm#SMT |title=ZyNOS CI Command List |publisher=Zyxeltech.de |access-date=2014-03-07}}

{{Div col|colwidth=25em}}

  • system-related commands
  • exit command
  • Ethernet-related commands
  • WAN-related commands
  • WLAN-related commands
  • IP-related commands
  • PPP-related commands
  • bridge-related commands
  • RADIUS-related commands
  • 802.1x-related commands
  • firewall-related commands
  • configuration-related commands
  • SMT-related commands

{{Div col end}}

Web Configurator

The Web Configurator is divided into the following categories:{{Cite FTP |url=ftp://ftp2.zyxel.com/GS2200-24P/user_guide/GS2200-24P_4.00_ed1.pdf |server=ftp2.zyxel.com |url-status=dead |title=FTP link }}

  • basic settings
  • advanced application
  • IP application
  • management

Security advisories

As of January 2014, a ZyNOS ROM-0 vulnerability has been identified.{{Cite web|url=https://rootatnasro.wordpress.com/2014/01/11/how-i-saved-your-a-from-the-zynos-rom-0-attack-full-disclosure/|title=How I saved your a** from the ZynOS (rom-0) attack !! ( Full disclosure )|last=Nasro|date=2014-01-11|website=root@Nasro|language=en|access-date=2019-08-18}} This vulnerability allowed an attacker to download the router's configuration (the ROM-0 file) without any type of authentication. The configuration file can later be decompressed{{Cite web|url=https://www.piotrbania.com/all/utils/RomDecoder.c|title=ZyNOS ROM-0 DECODER}}{{Citation|last=Soo|first=Jacob|title=GitHub - jacobsoo/ROM0_Decoder: Rom0 Decoder.|date=2015-05-12|url=https://github.com/jacobsoo/ROM0_Decoder|access-date=2019-08-18}} to expose the router's administrator password, ISP password, wireless password, etc.

{{As of|2014|3}}, Danish computer security company Secunia reports no unpatched advisories or vulnerabilities on ZyNOS version 4.x.{{cite web |url=http://secunia.com/advisories/product/6674/ |title=ZyXEL ZyNOS 4.x |publisher=Secunia |access-date=2014-03-07}}

{{As of|2014|3}}, Secunia reports seven advisories and six vulnerabilities on ZyNOS version 3.x. Five advisories are unpatched; Secunia rates the most severe unpatched advisory as less critical.{{cite web |url=http://secunia.com/advisories/product/149/ |title=ZyXEL ZyNOS 3.x |publisher=Secunia |access-date=2014-03-07}}

{{As of|2015|1}}, a DNS vulnerability has been found in certain ZyNOS firmware versions. The affected versions have not been narrowed down. The attack can be carried out from a remote location regardless of whether the user interface is accessible from outside the LAN.{{cite web |url=http://www.computerworld.com/article/2876292/dns-hijacking-flaw-affects-d-link-dsl-router-possibly-other-devices.html |title=DNS hijacking flaw affects D-Link DSL router, possibly other devices |publisher=Lucian Constantin |access-date=2015-01-30}}

References