plembo / onemoretech


Zyxel GS1900 root shell command does not work anymore #2

Closed immanuelfodor closed 4 years ago

immanuelfodor commented 4 years ago

Thanks for the great guide, however, the command to get a root shell via SSH does not work anymore on the newer firmware: https://github.com/plembo/onemoretech/wiki/xyxel-gs1900-16-setup

ping -h;sh${IFS}-a${IFS}telnet

It was fine before upgrading it :( Do you have any idea how to root this FW version?

Images Information
  | V2.40(AAZI.2) | 06/05/2019 | Active |  
  | Flash Partition | 0 | 
  | Image Size | 6613306 Bytes |  
  | Created Time | 2019-06-05 11:49:46 UTC

immanuelfodor commented 4 years ago

The release notes PDF mentions this "fix", it might be related:

7. eITS#181100948
[System] Switch can be configured via CLI if logged into switch by
telnet/ssh then input command “traceroute ;/bin/cli”, after relogin switch,
configure terminal can be accessed.

immanuelfodor commented 4 years ago

Tried to upgrade it further from v2.4 to v2.5 (the latest), it also doesn't work:

Images Information
  | V2.50(AAZI.0) | 10/21/2019 | Active |  
  | Flash Partition | 0 |  
  | Image Size | 6428671 Bytes |  
  | Created Time | 2019-10-21 15:23:59 UTC

plembo commented 4 years ago

Tried all those, and a few more. I'm also on v2.50 at this point. Unfortunately, the bug that allowed us to break into a shell session on the switch was a security risk and Zyxel has eliminated that bug. The main downside for me is that I can no longer use my own custom SSL certs for the web console, but have to rely on the equally insecure dummy cert supplied by Zyxel. The only comment regarding that I've seen from Zyxel is that they don't consider the GS1900-16 to be an enterprise product, and so won't ever provide that capability. Once again I find myself wishing Mikrotik would come out with an inexpensive 16-port switch so I can avoid the pain of going with Netgear.

immanuelfodor commented 4 years ago

Yes, that was the only way to upload a cert. Why on Earth should only an "enterprise grade" product have an upload form to write a cert to the storage? I don't get it. Saving a few hours of coding makes a product look dumb and is certainly not good for the brand if their own users wish for another competitor to come out with something better :( I hope somebody from Zyxel reads this thread and creates a user story for us to enable custom SSL cert (fullchain+key) uploading in the next iteration. I wouldn't want to get root access if I had the opportunity to do this simple thing. A custom *nix FW would also be great to flash over the original one, but I've found no one developing such.