R7800 New Firmware 1.0.2.12

[Killhippie]

New Features and Enhancements:

• Added WiFi 5G band support for FCC DFS channels 52, 56, 60, 64, 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140.
• Upgraded OpenSSL cryptography library from V1.0.0 to v1.0.2h.

Bug Fixes:

• Fixes security issue in which TCP port 80 and port 443 were always opened in IPv6 environment.
• Fixes security issue in which remote management interface still could be accessed even if it was disabled when the request packet is using 1723 as source port.
• Fixes security issue in which R7800 reboots when using $(reboot) as user name to register ReadyCLOUD.
• Fixes the issue in which the flash drive connected to USB port2 cannot be added into approved USB devices list.
• Fixes the issue in which the desktop genie was unable to access R7800 remotely.
• Fixed other minor bug fixes.

Known Issues:

• Intel 7260/3160 has a connection problem with the R7800 when the HT160 is enabled. This issue is due to the Intel driver. Intel is looking into this..

Considering Open SSL 1.02h was released in May and this firmware has just landed could they have not put at least 1.0.2j in place which was released in September and is the latest version as there are 12 CVE's between 1.02h and 1.0.2j. Also I was hoping that there would be an update to the GUI as with the latest routers being released from Netgear now, guess I hoped for to much support.

 

[doc octopus]

Channels 132,136,140 only for US not for Europe. Why?

 

[Killhippie]

Channels 132,136,140 only for US not for Europe. Why?

No idea. It would be interesting to know though, although I cant see myself using them. Edit: possibly a hardware limitation of the router? Unless FCC rules have changed regarding this due to possible radar issues

 

[xeqw]

Those are some serious security flaws, especially the remote management one. Good to see Netgear actively closing them.

 

[Killhippie]

Channels 132,136,140 only for US not for Europe. Why?

It seems quite common for vendors to restrict to 16 5Ghz channels and may have some obscurity in FCC rules. Even though we are in Europe.

 

[Killhippie]

Those are some serious security flaws, especially the remote management one. Good to see Netgear actively closing them.

At least netgear updated the OpenSSL library as there was a nasty vulnerability in anything before 1.0.2h but that was back in May when that was found. So this router has had that SSL exploit for almost 6 months. I do wonder how long this router has been open to these other vulnerabilities and just how long it takes Netgear to write new firmware to patch all this

 

[Jay Kaut]

Newb here: I'm in the US and I previously manually selected a band. Should I go ahead and pick one of these new bands for 5GHz and expect less interference. I'm in NYC and there are 20+ routers around me broadcasting on 5GHz. I don't know how radar is around here. Any insights would be great.

 

[Killhippie]

Newb here: I'm in the US and I previously manually selected a band. Should I go ahead and pick one of these new bands for 5GHz and expect less interference. I'm in NYC and there are 20+ routers around me broadcasting on 5GHz. I don't know how radar is around here. Any insights would be great.

If there is a radar issue I seem to have read using the higher DFS frequencies a check is made and it wont use it if it detects interference, also you really have to be living pretty close to a runway. If you are having no issues with your router on the pre selected 5Ghz channel and all is running fine then leave it.

 

[latinkreationz]

New Features and Enhancements:
Considering Open SSL 1.02h was released in May and this firmware has just landed could they have not put at least 1.0.2j in place which was released in September and is the latest version as there are 12 CVE's between 1.02h and 1.0.2j. Also I was hoping that there would be an update to the GUI as with the latest routers being released from Netgear now, guess I hoped for to much support.

What GUI update are you referring to?

 

[Killhippie]

What GUI update are you referring to?

The R9000 has a new GUI as does the Orbi (Orbi may just be Orbi specific) but the R9000 does has anew GUI from what I have seen on here http://www.snbforums.com/attachments/r9000_b-jpg.7433/

That image shows info in the R9000 GUI that the present Genie GUI does not offer, if its not an update to netgears GUI my mistake.

 

[pege63]

I do wonder how long this router has been open to these other vulnerabilities and just how long it takes Netgear to write new firmware to patch all this

What deficiencies/vulnerabilities in the FW are you pointing out?

 

[Killhippie]

What deficiencies/vulnerabilities in the FW are you pointing out?

See Bug fixes patched in this update, how long was the router vulnerable to these? The Open SSL bug was reported on 3rd May this year and its only just been patched, that's 6 months and Netgear were still using version 1.00 before this update! Even though we now have OpenSSL 1.0.2h there are 12 CVE's already between that version and the current version 1.02j which was released in September. How many are pertinent to the router I do not know but I'm sure a few are, It seems Netgear are very very slow at patching and considering how often routers are now being used in DDoS attacks that's not a great thing,

 

[pege63]

Well there is 3rd part FW to use

 

[RMerlin]

It seems Netgear are very very slow at patching

You can change "Netgear" with the name of ANY router targeting home users. Many other manufacturers there are still using 0.9.8...

Only business products get rapid updates, which is part of why they do cost more.

 

[latinkreationz]

The R9000 has a new GUI as does the Orbi (Orbi may just be Orbi specific) but the R9000 does has anew GUI from what I have seen on here http://www.snbforums.com/attachments/r9000_b-jpg.7433/

That image shows info in the R9000 GUI that the present Genie GUI does not offer, if its not an update to netgears GUI my mistake.

I have the R9000 and the GUI is the same as the R7800 and others.



Sent from my iPhone using Tapatalk

 

[Killhippie]

I have the R9000 and the GUI is the same as the R7800 and others.



Sent from my iPhone using Tapatalk

Was it only in the version shown on here that CPU load etc was displayed then in that link? Those things are not in the R7800's firmware.

 

[Killhippie]

Well there is 3rd part FW to use

Being Qualcomm that's a bit more limited, and tbh the firmware does what I need it to do well enough most of the time. Just surprised it took six months to provide a fix for the OpenSSL bug, but as pointed out buy RMerlin thats not unusual in the home market, which is really not great in the current climate where hijacking of IoT for nefarious purposes is getting more common. Routers are now powerful enough to be used successfully in large DDoS attacks.

 

[latinkreationz]

Was it only in the version shown on here that CPU load etc was displayed then in that link? Those things are not in the R7800's firmware.

Not sure. I don't see a menu option that shows that info. The only additional option I have that I can tell is Plex. I came from the R7800 and the GUI's are identical.


Sent from my iPhone using Tapatalk

 

[xeqw]

Being Qualcomm that's a bit more limited, and tbh the firmware does what I need it to do well enough most of the time. Just surprised it took six months to provide a fix for the OpenSSL bug, but as pointed out buy RMerlin thats not unusual in the home market, which is really not great in the current climate where hijacking of IoT for nefarious purposes is getting more common. Routers are now powerful enough to be used successfully in large DDoS attacks.

I have never seen any other router manufacturer updating their OpenSSL library in a firmware update before.

In fact when it comes to security patches, seems like only Netgear and Asus are routinely fixing them in firmware updates.

 

[RMerlin]

I have never seen any other router manufacturer updating their OpenSSL library in a firmware update before.

Asus started updating it regularly about a year ago. If Netgear also starts following, then hopefully it will drive the rest of the herd to also follow in what should be a no-brainer (those OpenSSL updates are 100% backward compatible, and take about 10 minutes of development time to accomplish). The biggest hurdle is that initial update where you have to jump from whichever prehistoric branch you were using into either the latest 1.0.x branch (which is mostly straightforward if going from 1.0.0 to 1.0.2 - it's a drop in repalcement), or the newer 1.1.x branch (which might require some changes).

Now that manufacturers are starting to use OpenSSL for VPN purposes, having a secure version of OpenSSL is much more important than in the past, where it mostly handled https access to the webui within your LAN.