What's new

Custom firmware build for R7800 v. 1.0.2.74.4SF

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Voxel

Part of the Furniture
Not planned release, goal is to fix CVE-2020-8597.

Continuation of
. . .
https://www.snbforums.com/threads/custom-firmware-build-for-r7800-v-1-0-2-74-1sf.61190/
https://www.snbforums.com/threads/c...or-r7800-v-1-0-2-74-2sf-v-1-0-2-74-3sf.61962/

New version of my custom firmware build: 1.0.2.74.4SF.

Changes (vs 1.0.2.74.3SF):

1. PPP vulnerability CVE-2020-8597 is fixed (score of 9.8/10).
2. fdisk utility is added.
3. resize2fs utility is addded.
4. proftpd package is upgraded 1.3.6->1.3.6c.
5. curl package is upgraded 7.68.0->7.69.1.
6. libubox package is upgraded 2020-01-20->2020-02-27.
7. minidlna package is upgraded 1.2.1-2018-04-10->1.2.1-2019-12-09.
8. libusb package is upgraded 1.0.22->1.0.23.
9. libusb-compat package is upgraded 0.1.5->0.1.7.
10. avahi package is upgraded 0.7->0.8.
11. ncurses package is upgraded 6.1->6.2.
12. util-linux package: optimize for a size.
13. libiconv: make an order in patches.

The link is:

https://www.voxel-firmware.com (thanks to vladlenas for his help with hosting).

Voxel.
 
Last edited:
@Voxel and all,

After I install a Voxel firmware release, I run Shields Up tests to verify that my 7800 is secure.

I installed 74.4SF today.

When I run Shields Up "All Service Ports" test, I am getting half a dozen or more random ports "closed" (blue square) instead of ports "stealth" (green square) resulting in failing the test.

When I repeat the "All Service Ports" test, I do not get consistent results, meaning different ports are blue on each test run.

In the past, the 7800 running Voxel firmware has always passed the "All Service Ports" test.

The 7800 is passing the other Shields Up tests.

I've checked various security settings within the router and AFAICT, it appears to be locked down. Given, I've passed the "All Service Ports" test in the past with the same router settings, I'm not sure what is going on with this firmware release. I have not rolled back to an earlier version of Voxel firmware to check yet.

Could others running 74.4SF try the "All Service Ports" test and report back. It's very easy to run.

Go to https://www.grc.com/x/ne.dll?bh0bkyd2
Click the "Proceed" button.
Click on the "All Service Ports" button and the test will begin to run.

Please report back if you pass or fail.

I'm a big fan of Voxel so please do not think I am casting aspersions on him or his firmware. Just want to pin down the root cause of my 7800 failing the Shields Up "All Service Ports" test and what I can do to resolve it.

Thanks
 
@kokishin

I have repeated the test several times (about 10), and just once there was one block in blue, but in that moment I was browsing in other tab.

The rest of them I was waiting to finish the test without touching anything, and always the results have been green.

I'm using Windows 10 1909 with latest updates. Maybe is an issue on your os.

Cheers!!!
 
Thanks @kamoj and @Tom_Batty,

I'm running Win 10 Pro 1903 on one system and Win 10 Pro 1909 on another system.

They both fail the "All Service Ports" test running either Chrome or the new Chrome based Edge browser.

Got to think some more about how to debug this.
 
Last edited:
I've upgraded the firmware this morning from 74.3 to 74.4.
I've just tested Shields Up with Firefox, and all the ports are stealthed. Did the test a few times, same results.
Have you tried another browser?
 
I've upgraded the firmware this morning from 74.3 to 74.4.
I've just tested Shields Up with Firefox, and all the ports are stealthed. Did the test a few times, same results.
Have you tried another browser?
Tried Chrome, the new Chrome based Edge browser, and old IE. Same random port failures.
 
The only open port I have is 22 for remote SSH access to my router if needed. The test showed all other are stealth on 74.4SF
 
I am on .72 here and everything is in the green.
Don't know how the browser matters since the test is outside the router from grc servers to your router.
(Firefox)
 
@Voxel

OK, I found the issue but I don't understand the cause and effect.

If I enable the 7800 Traffic Meter, then I get the Shields Up "All Service Ports" test failure. It I disable the Traffic Meter, then the Shields Up "All Service Ports" test passes.

It's quite consistent.

I've always used the Traffic Meter with prior Voxel firmware releases with no issues.

For now, I'll keep the Traffic Meter off. I don't need it since I have no caps. I just like to check it sometimes to see my measured data traffic usage.
 
I have Traffic Meter on, all ports still stealth/green.
A long shot..., but have you done this?:

Disable ReadyCLOUD (Reboot router to take effect)
Disable Kwilt/hipplay (Reboot router to take effect)
Disable Transmission torrent client
Disable NG Downloader torrent client (Reboot router to take effect)
Disabled Port Forwarding / Port Triggering

@Voxel

OK, I found the issue but I don't understand the cause and effect.

If I enable the 7800 Traffic Meter, then I get the Shields Up "All Service Ports" test failure. It I disable the Traffic Meter, then the Shields Up "All Service Ports" test passes.

It's quite consistent.

I've always used the Traffic Meter with prior Voxel firmware releases with no issues.

For now, I'll keep the Traffic Meter off. I don't need it since I have no caps. I just like to check it sometimes to see my measured data traffic usage.
 
I have Traffic Meter on, all ports still stealth/green.
A long shot..., but have you done this?:

Disable ReadyCLOUD (Reboot router to take effect)
Disable Kwilt/hipplay (Reboot router to take effect)
Disable Transmission torrent client
Disable NG Downloader torrent client (Reboot router to take effect)
Disabled Port Forwarding / Port Triggering
kamoj,

I executed via telnet:
Code:
nvram set nocloud=1
nvram set nokwilt=1
nvram commit

nvram set transmission_disable=1
nvram commit
and then rebooted the 7800.

(I disabled Transmission a month or so ago but I still re-ran the disable command shown above).

The NG downloader was already disabled.

I don't have any entries in the port forwarding/port triggering table. I did not see a way to explicitly disable it though.

I enabled Traffic Meter.

Ran Shields Up "All Service Ports" test and it failed.

Disabled Traffic Meter.

Ran Shields Up "All Service Ports" test and it passed.

<sigh>

EDIT:
Even when enabled, the Traffic Meter does not seem to be working. All rows are zero except for the last month row.

FYI: My saved off NETGEAR_R7800.cfg did not restore with 74.4SF. I had to set up my 7800 manually. Prior to setting it up, I reset the 7800 to factory defaults.
 
Last edited:
My Traffic Meter is working as it should.

Traffic statistics are saved/restored in the mtd flash partition "traffic_meter".
Maybe your router mtd flash memory is corrupt?

Have you experienced any other strange behaviour with the router?
kamoj,
Even when enabled, the Traffic Meter does not seem to be working. All rows are zero except for the last month row.
My Traffic Meter is working as it should.

Traffic statistics are saved/restored in the mtd flash partition "traffic_meter".
Maybe your router mtd flash memory is corrupt?

Have you experienced any other strange behaviour with the router?
Random reboots e.g.?
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top