Things you can do with a QNAP Switch's Serial Console

I have a QNAP QSW-M408-4C and I was wondering what the serial console port was used for, especially since it wasn’t documented anywhere. Well it turns out it’s a full TTY terminal in LEDE Linux. Thanks to u/sinisterpisces’s post who inspired me to find out more about it.


Connecting via Serial

Windows (PuTTY)

  • Install PuTTY, this is probably also possible to do with PowerShell, but I don’t know how.
  • In PuTTY, set the ‘Connection Type’ to “Serial”
  • Find the COM port in Device Manager under ‘Ports (COM & LPT)’
  • Back to PuTTY, set the ‘Serial Line’ to the COM port you found
  • Set the ‘Speed’ to 115200

Linux (Screen)

  • Install screen (It’s often already installed)
  • Run ls /dev/tty* to find the Serial Adapter (usually starts with /dev/ttyUSB or /dev/ttyS)
  • Run screen [adapter path] 115200 to connect

Logging in/out

  • Press enter then enter the same username and password used for the web interface
  • When logging out type exit to quit the session


There’s multiple scripts just lying around on the switch that can be used for various things. You can find them all with find / -name *.sh.

Here’s a clean list:

[email protected]:/admin# ls /usr/bin/*.sh /bin/*.sh /sbin/*.sh /etc/*.sh
/bin/               /usr/bin/
/etc/                 /usr/bin/
/etc/        /usr/bin/
/etc/             /usr/bin/
/etc/        /usr/bin/
/sbin/            /usr/bin/
/sbin/                 /usr/bin/
/sbin/      /usr/bin/
/sbin/       /usr/bin/
/usr/bin/           /usr/bin/
/usr/bin/            /usr/bin/

Here’s a few of the ones I’ve looked at:

  • Gets/sets fan speeds, temp, rtc, leds, memory, reset, i2c, and mode (--help works)
  • “Aricent Intelligent Switch Solution” CLI (also on tcp://localhost:6023, blocked externally by iptables)
  • Runs piped input as a command on the CLI (eg. echo "help" |
  • “LUA CLI shell”, (? for help, some things cause switch to crash)
  • Sets the UI Password using said API using the MAC Address as the old password
  • Sets MAC, Serial and Model (I think)
  • & Self explanatory but doesn’t seem to work

Remote Access

Enabling SSH

The switch seems to have SSH enabled by default but it’s blocked by iptables, here’s how to unblock it:

Enable SSH until reboot

  • Type iptables -L INPUT 2 and you should get DROP tcp -- anywhere anywhere tcp dpt:ssh
  • If you do type iptables -D INPUT 2
  • If you don’t type iptables -L INPUT --line-numbers | grep ssh then iptables -D INPUT [line number]

Enable SSH permanently

  • Edit /etc/firewall.user
    • eg. vi /etc/firewall.user
  • Add a # to the beginning of the line that says iptables -A INPUT -i cpsstap -p tcp --dport 22 -j DROP (likely line 2)
    • press i to insert in vi
  • Save and reboot
    • ESC + :wq to save in vi
    • reboot to reboot in linux

Enabling the Aricent CLI

You could do the same to enable the “Aricent Intelligent Switch Solution” CLI on port 6023, but it has a built in username and password on the “debug” user (security issue), and it’s already accessible through SSH (especially with, so there isn’t much point:

  • Do the same as SSH but grep port 6023, it’s line 3 for me.

Upgrading Firmware

  • Download the firmware from the QNAP site onto the switch: wget <url>
  • Extract the firmware: tar -xvf <file name>.img
  • Run ./

You might think from above would do something, it doesn’t.

Additional Things

Installing Packages

To install packages with opkg:

  • opkg update
  • opkg install <package> I installed htop since it wasn’t installed for me


There’s also some extra VLAN config in /etc/iss_vlan.txt that might let you tag VLAN 1.

© Stephen Horvath 2022