1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

Custom firmware build for R7800 v. 1.0.2.74.4SF

Discussion in 'NETGEAR AC Wireless' started by Voxel, Mar 12, 2020.

Tags:
  1. Voxel

    Voxel Very Senior Member

    Joined:
    Dec 9, 2014
    Messages:
    1,710
    Not planned release, goal is to fix CVE-2020-8597.

    Continuation of
    . . .
    https://www.snbforums.com/threads/custom-firmware-build-for-r7800-v-1-0-2-74-1sf.61190/
    https://www.snbforums.com/threads/c...or-r7800-v-1-0-2-74-2sf-v-1-0-2-74-3sf.61962/

    New version of my custom firmware build: 1.0.2.74.4SF.

    Changes (vs 1.0.2.74.3SF):

    1. PPP vulnerability CVE-2020-8597 is fixed (score of 9.8/10).
    2. fdisk utility is added.
    3. resize2fs utility is addded.
    4. proftpd package is upgraded 1.3.6->1.3.6c.
    5. curl package is upgraded 7.68.0->7.69.1.
    6. libubox package is upgraded 2020-01-20->2020-02-27.
    7. minidlna package is upgraded 1.2.1-2018-04-10->1.2.1-2019-12-09.
    8. libusb package is upgraded 1.0.22->1.0.23.
    9. libusb-compat package is upgraded 0.1.5->0.1.7.
    10. avahi package is upgraded 0.7->0.8.
    11. ncurses package is upgraded 6.1->6.2.
    12. util-linux package: optimize for a size.
    13. libiconv: make an order in patches.

    The link is:

    https://www.voxel-firmware.com (thanks to vladlenas for his help with hosting).

    Voxel.
     
    Last edited: Mar 12, 2020
    Droidrat, jrbmw, decantur and 40 others like this.
  2. Tom Brough

    Tom Brough Regular Contributor

    Joined:
    Dec 21, 2018
    Messages:
    117
    Brilliant thanks @Voxel

    All the time you spend making these is greatly appreciated.
     
    Voxel, LeKeiser and kamoj like this.
  3. scooter2765

    scooter2765 Occasional Visitor

    Joined:
    May 17, 2017
    Messages:
    13
    Yes...agreed...Thanks Very much.
     
    Voxel and kamoj like this.
  4. Cruncher

    Cruncher New Around Here

    Joined:
    Feb 21, 2020
    Messages:
    9
    Thank you Voxel. Just updated mine.
     
    Voxel, LeKeiser and kamoj like this.
  5. LeKeiser

    LeKeiser Regular Contributor

    Joined:
    Oct 1, 2017
    Messages:
    78
    Mr Voxel, again, Merci Merci :)
    Great firmware, as usual :)
     
    Voxel and kamoj like this.
  6. Jake77

    Jake77 New Around Here

    Joined:
    Jan 30, 2019
    Messages:
    3
    Thanks Voxel, just updated, everything working fine :)
     
    Voxel, LeKeiser and kamoj like this.
  7. B-dog66

    B-dog66 New Around Here

    Joined:
    Jan 23, 2020
    Messages:
    7
    Big thanks Voxel! :)
     
    Voxel, LeKeiser and kamoj like this.
  8. kokishin

    kokishin Regular Contributor

    Joined:
    Nov 16, 2013
    Messages:
    83
    Location:
    Silicon Valley
    @Voxel and all,

    After I install a Voxel firmware release, I run Shields Up tests to verify that my 7800 is secure.

    I installed 74.4SF today.

    When I run Shields Up "All Service Ports" test, I am getting half a dozen or more random ports "closed" (blue square) instead of ports "stealth" (green square) resulting in failing the test.

    When I repeat the "All Service Ports" test, I do not get consistent results, meaning different ports are blue on each test run.

    In the past, the 7800 running Voxel firmware has always passed the "All Service Ports" test.

    The 7800 is passing the other Shields Up tests.

    I've checked various security settings within the router and AFAICT, it appears to be locked down. Given, I've passed the "All Service Ports" test in the past with the same router settings, I'm not sure what is going on with this firmware release. I have not rolled back to an earlier version of Voxel firmware to check yet.

    Could others running 74.4SF try the "All Service Ports" test and report back. It's very easy to run.

    Go to https://www.grc.com/x/ne.dll?bh0bkyd2
    Click the "Proceed" button.
    Click on the "All Service Ports" button and the test will begin to run.

    Please report back if you pass or fail.

    I'm a big fan of Voxel so please do not think I am casting aspersions on him or his firmware. Just want to pin down the root cause of my 7800 failing the Shields Up "All Service Ports" test and what I can do to resolve it.

    Thanks
     
    kamoj and Tom_Batty like this.
  9. kamoj

    kamoj Very Senior Member

    Joined:
    May 12, 2017
    Messages:
    827
    All ports are Stealth for me.
     
  10. Tom_Batty

    Tom_Batty Occasional Visitor

    Joined:
    Oct 17, 2018
    Messages:
    11
    @kokishin

    I have repeated the test several times (about 10), and just once there was one block in blue, but in that moment I was browsing in other tab.

    The rest of them I was waiting to finish the test without touching anything, and always the results have been green.

    I'm using Windows 10 1909 with latest updates. Maybe is an issue on your os.

    Cheers!!!
     
    Voxel, kokishin and kamoj like this.
  11. kokishin

    kokishin Regular Contributor

    Joined:
    Nov 16, 2013
    Messages:
    83
    Location:
    Silicon Valley
    Thanks @kamoj and @Tom_Batty,

    I'm running Win 10 Pro 1903 on one system and Win 10 Pro 1909 on another system.

    They both fail the "All Service Ports" test running either Chrome or the new Chrome based Edge browser.

    Got to think some more about how to debug this.
     
    Last edited: Mar 13, 2020
    L&LD and kamoj like this.
  12. LeKeiser

    LeKeiser Regular Contributor

    Joined:
    Oct 1, 2017
    Messages:
    78
    I've upgraded the firmware this morning from 74.3 to 74.4.
    I've just tested Shields Up with Firefox, and all the ports are stealthed. Did the test a few times, same results.
    Have you tried another browser?
     
    L&LD and kamoj like this.
  13. kokishin

    kokishin Regular Contributor

    Joined:
    Nov 16, 2013
    Messages:
    83
    Location:
    Silicon Valley
    Tried Chrome, the new Chrome based Edge browser, and old IE. Same random port failures.
     
  14. microchip

    microchip Very Senior Member

    Joined:
    Sep 19, 2014
    Messages:
    699
    Location:
    Belgium
    The only open port I have is 22 for remote SSH access to my router if needed. The test showed all other are stealth on 74.4SF
     
    Voxel and kamoj like this.
  15. NetBytes

    NetBytes Regular Contributor

    Joined:
    Feb 1, 2019
    Messages:
    81
    I am on .72 here and everything is in the green.
    Don't know how the browser matters since the test is outside the router from grc servers to your router.
    (Firefox)
     
  16. kokishin

    kokishin Regular Contributor

    Joined:
    Nov 16, 2013
    Messages:
    83
    Location:
    Silicon Valley
    @Voxel

    OK, I found the issue but I don't understand the cause and effect.

    If I enable the 7800 Traffic Meter, then I get the Shields Up "All Service Ports" test failure. It I disable the Traffic Meter, then the Shields Up "All Service Ports" test passes.

    It's quite consistent.

    I've always used the Traffic Meter with prior Voxel firmware releases with no issues.

    For now, I'll keep the Traffic Meter off. I don't need it since I have no caps. I just like to check it sometimes to see my measured data traffic usage.
     
    kamoj likes this.
  17. kamoj

    kamoj Very Senior Member

    Joined:
    May 12, 2017
    Messages:
    827
    I have Traffic Meter on, all ports still stealth/green.
    A long shot..., but have you done this?:

    Disable ReadyCLOUD (Reboot router to take effect)
    Disable Kwilt/hipplay (Reboot router to take effect)
    Disable Transmission torrent client
    Disable NG Downloader torrent client (Reboot router to take effect)
    Disabled Port Forwarding / Port Triggering

     
  18. kokishin

    kokishin Regular Contributor

    Joined:
    Nov 16, 2013
    Messages:
    83
    Location:
    Silicon Valley
    kamoj,

    I executed via telnet:
    Code:
    nvram set nocloud=1
    nvram set nokwilt=1
    nvram commit
    
    nvram set transmission_disable=1
    nvram commit
    
    and then rebooted the 7800.

    (I disabled Transmission a month or so ago but I still re-ran the disable command shown above).

    The NG downloader was already disabled.

    I don't have any entries in the port forwarding/port triggering table. I did not see a way to explicitly disable it though.

    I enabled Traffic Meter.

    Ran Shields Up "All Service Ports" test and it failed.

    Disabled Traffic Meter.

    Ran Shields Up "All Service Ports" test and it passed.

    <sigh>

    EDIT:
    Even when enabled, the Traffic Meter does not seem to be working. All rows are zero except for the last month row.

    FYI: My saved off NETGEAR_R7800.cfg did not restore with 74.4SF. I had to set up my 7800 manually. Prior to setting it up, I reset the 7800 to factory defaults.
     
    Last edited: Mar 14, 2020
  19. Carolus

    Carolus New Around Here

    Joined:
    Jul 18, 2017
    Messages:
    9
    Installed en so far so good Thanks, great work!!
     
    Voxel likes this.
  20. kamoj

    kamoj Very Senior Member

    Joined:
    May 12, 2017
    Messages:
    827
    My Traffic Meter is working as it should.

    Traffic statistics are saved/restored in the mtd flash partition "traffic_meter".
    Maybe your router mtd flash memory is corrupt?

    Have you experienced any other strange behaviour with the router?