Custom firmware build for R7800 v. 1.0.2.25SF & v. 1.0.2.29SF

[Voxel]

Maybe more people need to email their support department and make them aware of this so it gets updated...

This message:

https://community.netgear.com/t5/Ni...UPNP-vulnerability-CVE-2013-0230/td-p/1230658

is in official Netgear forum. As far as I understand it is organized to get feedback from the consumers of Netgear production. So I have doubts that Netgear is not aware.

Voxel.

 

[Voxel]

Voxel, thanks very much for getting the your firmware re-based (1.0.2.29SF) and out so quickly. Really appreciate your work!

As I found, there were not so much to process. Changes are only in net-cgi (pre-compiled binary related to WebGUI) and two config files. Third bug corrected by Netgear in proftpd was already fixed by me in June 2016. So just 30 minutes of integrations and 2 hours of compilation (the last does not require my movements ).

Voxel.

 

[RogerSC]

As I found, there were not so much to process. Changes are only in net-cgi (pre-compiled binary related to WebGUI) and two config files. Third bug corrected by Netgear in proftpd was already fixed by me in June 2016. So just 30 minutes of integrations and 2 hours of compilation (the last does not require my movements ).

Voxel.

None the less, testing and all, it is appreciated. Thanks again.

 

[bodean]

If Netgear publishes it in binary-only form, it means they haven't made any change to it (or else the GPL licensing would require them to publish their changes). I'd say you should be fine replacing it with a newer version, if you're willing to go down that route. Unless someone missed the GPL licensing requirements on this specific component.

The last "major" vulnerability I remember for miniupnpd goes back to version 1.4-xxxxxxxx or something like that.

Might be time for you to get in touch with Netgear I think, so you can at least clarify these types of questions. Try pinging @NETGEAR Guy as a starting point If Netgear is anything like Asus there, they will most certainly welcome the chance to help you, if in the end it turns out you're actually helping them sell products.

Hopefully @NETGEAR Guy can get some updates for us on why this version is so old.... So far he has been silent on the issue.

 

[Even Miles]

I think I've seen this error in some forum but I'm not able to find it.

When I connect via OpenVPN through R7800 I'm able to see all devices in lan, including Netgear router. I can connect via SSH to R7800 but when I try to connect to WebGUI, I get the error:

Error 404 Not Found
This server does not support the operation requested by your client.

I use http://local_ip_r7800 or https://local_ip_r7800 to access to the WebGUI.

I think that firewall is not the problem, because I can connect via SSH. Is it possible that the problem is in cgi?

Thanks!!!

Edit: I'm using Voxel firmware and custom certificate/keys in /etc/openvpn/config.

 

[Voxel]

I think I've seen this error in some forum but I'm not able to find it.

When I connect via OpenVPN through R7800 I'm able to see all devices in lan, including Netgear router. I can connect via SSH to R7800 but when I try to connect to WebGUI, I get the error:

Error 404 Not Found
This server does not support the operation requested by your client.

I use http://local_ip_r7800 or https://local_ip_r7800 to access to the WebGUI.

I think that firewall is not the problem, because I can connect via SSH. Is it possible that the problem is in cgi?

Thanks!!!

Edit: I'm using Voxel firmware and custom certificate/keys in /etc/openvpn/config.

I guess you are using TUN, because there are no such problems with TAP OpenVPN. Yes, I could reproduce this whith TUN OpenVPN. And IMO you are right that problem is in CGI processing engine, because I had security warning regarding SSL certificate and only then 404 error. I.e. HTTP/HTTPS are working, but then error. net-cgi is pre-compiled by Netgear binary... I cannot correct this. Most probably stock FW has the same problem.

Voxel.

 

[Even Miles]

Sorry, I'll forgot to comment that I'm using TUN.

As you say, if the problem is in CGI there isn´t nothing to do, because I suposse that the access control is hard coded.

I'll try TAP and I'll see if it´s possible to access to web gui.

Thanks!!!!

 

[Voxel]

Sorry, I'll forgot to comment that I'm using TUN.

As you say, if the problem is in CGI there isn´t nothing to do, because I suposse that the access control is hard coded.

I'll try TAP and I'll see if it´s possible to access to web gui.

Thanks!!!!

Did you succeed to access WebGUI with TAP?

Voxel.

 

[Even Miles]

Did you succeed to access WebGUI with TAP?

Voxel.

Yes, I've tried to access with TAP to WebGUI and works perfectly.

I think that net-cgi is blocking all adresses that are out of the router's IP range. I've even tried change net mask without success.

 

[gobble]

Had to find my account just to come on and say thanks for doing this firmware! I really want to put it on my R7800, but don't have an Ethernet in my laptop and read that deploying via wireless is a no go?

Not the end of the world, I can wait and borrow a laptop to do it

 

[Voxel]

Had to find my account just to come on and say thanks for doing this firmware! I really want to put it on my R7800, but don't have an Ethernet in my laptop and read that deploying via wireless is a no go?

Not the end of the world, I can wait and borrow a laptop to do it

I did it once (flashing firmware by Wi-Fi) by mistake. But it is better to do not take the risk. I'd suggest to wait 1-2 days: I am going to release a new version (fixing bug in NETGEAR's GPL, now bridge mode will work, checked by Csection, thanks to him). And then process with Ethernet connection .

Voxel.

 

[vladlenas]

Had to find my account just to come on and say thanks for doing this firmware! I really want to put it on my R7800, but don't have an Ethernet in my laptop and read that deploying via wireless is a no go?

Not the end of the world, I can wait and borrow a laptop to do it

I update the firmware only by WiFi. I did not have any problems after the update.

I did it once (flashing firmware by Wi-Fi) by mistake.

 

[Voxel]

I update the firmware only by WiFi. I did not have any problems after the update.

Hi Vladlenas!

I did no know you do flash such a way...

P.S.
What about new version? Should I release it? No problems?

Voxel.

 

[vladlenas]

Hi Vladlenas!

I did no know you do flash such a way...

P.S.
What about new version? Should I release it? No problems?

Voxel.

Just updated, everything works fine.

P.S. by WiFi

 

[deweyii]

Voxel,
Can you please look at openvpn again. I'm able to connect to using stock firmware, but when I change to yours, I can no longer connect. I get a transport error Network_recv_error. I am using TCP,but I get it on UDP also. I'm using the stock keys created by the firmware.

Also I don't know if its possible but can you look at how the time is synced. I have ATT gigabit fiber that has a know issue of not allowing port 123, see ( https://community.netgear.com/t5/Ni...me-behind-Uverse-GigaPower-modem/td-p/1254081 )

Thanks

 

[Voxel]

Voxel,
Can you please look at openvpn again. I'm able to connect to using stock firmware, but when I change to yours, I can no longer connect. I get a transport error Network_recv_error. I am using TCP,but I get it on UDP also. I'm using the stock keys created by the firmware.

Also I don't know if its possible but can you look at how the time is synced. I have ATT gigabit fiber that has a know issue of not allowing port 123, see ( https://community.netgear.com/t5/Ni...me-behind-Uverse-GigaPower-modem/td-p/1254081 )

Thanks

What type do you use: tap or tun? And did you upgrade your client ca/cert? I mean did you download your client config using WebGUI anew? From my firmware.

Regarding time sync. I'l check tomorrow.

Voxel.

 

[deweyii]

What type do you use: tap or tun? And did you upgrade your client ca/cert? I mean did you download your client config using WebGUI anew? From my firmware.

Regarding time sync. I'l check tomorrow.

Voxel.

I am using TUN and yes I have reloaded the config from the webgui. Just to let you know its for Android smartphone using the OpenVPN client.

Thanks for all you do..

 

[Csection]

I did it once (flashing firmware by Wi-Fi) by mistake. But it is better to do not take the risk. I'd suggest to wait 1-2 days: I am going to release a new version (fixing bug in NETGEAR's GPL, now bridge mode will work, checked by Csection, thanks to him). And then process with Ethernet connection .

Voxel.

Yep! Bridge mode now works fine. Thanks to the hard work of Voxel on this. It is definitely faster and smoother than stock firmware. Even in bridge mode.

 

[Voxel]

I am using TUN and yes I have reloaded the config from the webgui. Just to let you know its for Android smartphone using the OpenVPN client.

Thanks for all you do..

OK, wait a bit. I'm testing. Unfortunately I do no have Android gadgets...

Voxel.

 

[deweyii]

OK, wait a bit. I'm testing. Unfortunately I do no have Android gadgets...

Voxel.

No Problem. I understand. Again Thanks.