Orbi WiFi 7 RBE973
Reply

Re: New D7000v1 Firmware V1.0.1.78

tominwi
Luminary

New D7000v1 Firmware V1.0.1.78

New firmware out very recently, and I don't think I've ever seen Release Notes like this before.

 

Chime-in anyone who tries this please!

 

    PSV-2018-0318 Weak Password Policy
    PSV-2019-0010 Cross-Site Scripting in "block site" Configuration
    PSV-2019-0012 /www/adv_index.htm Exposed Unauthenticated
    PSV-2019-0013 Cross-Site Scripting in /www/adv_index.htm
    PSV-2019-0014 Command Injection in PPPOE Functionality
    PSV-2019-0015 Cross-Site Scripting in "remote management" Configuration
    PSV-2019-0016/0018 Setup Actions Permitted Unauthenticated
    PSV-2019-0109 mini_httpd Authentication Bypass Vulnerability
    PSV-2019-0110/0184 Password Storage Information
    PSV-2019-0113 Password change & debug mode 
    PSV-2019-0021 "Zombie POODLE" and "GOLDENDOODLE"
    PSV-2019-0022 Remote code execution
    PSV-2019-0192/0244 Remote code execution
    PSV-2019-0193/0245 Cross Site Scripting (XSS) in IPv6 Autoconfig settings
    PSV-2019-0170 Invalid CPE Certificate for Remote Access        
    PSV-2019-0155 httpd lan_ipaddr stack overflow vulnerability
    PSV-2019-0145 httpd friendly_name stack overflow vulnerability
    PSV-2019-0124 NVRAM configuration injection caused by "SetNTP" parameter of SOAP "DeviceConfig-Set
    PSV-2019-0140 NVRAM configuration injection caused by "New5GCTSRTSThreshold" parameter of SOAP "WLANConfiguration-SetAdvancedW
    PSV-2019-0141 NVRAM configuration injection caused by "NewCTSRTSThreshold" parameter of SOAP "WLAN
Model: D7000|Nighthawk AC1900 VDSL/ADSL Modem Router
Message 1 of 34
KeithRan
Initiate

Re: New D7000v1 Firmware V1.0.1.78

Its working fine for me - took about 5 minutes to upgrade and reboot  Smiley Happy

Model: D7000|Nighthawk AC1900 VDSL/ADSL Modem Router
Message 2 of 34
tominwi
Luminary

Re: New D7000v1 Firmware V1.0.1.78

Thanks, I have been using the ancistrus version but might try Netgear's own v78 at least until the ancistrus is updated.

 


@KeithRan wrote:

Its working fine for me - took about 5 minutes to upgrade and reboot  Smiley Happy




 

Message 3 of 34
Chas8ch
Aspirant

Re: New D7000v1 Firmware V1.0.1.78

No trouble with updating but had to roll back to .74 as was unable to log in remotely using Genie. Will remain on 74 until it has been updated
Message 4 of 34

Re: New D7000v1 Firmware V1.0.1.78


@Chas8ch wrote:
...was unable to log in remotely using Genie.


What does that mean? What did you do and where did it go wrong?

 

And what genie are we talking about here? This could be one of several things, the browser interface, a Windows or Mac program for a PC, or a mobile Android/iThing app. Netgear labels them all as genies. Which are you using?

 

It might be better to sort that out than to soldier on without what might be important security fixes.

Message 5 of 34
Chas8ch
Aspirant

Re: New D7000v1 Firmware V1.0.1.78

Hi.
In answer to your question, I launched Netgear Genie Version 2.4.62 on a Windows 7 computer and there was a highlight that firmware .78 was available. Clicked the link and went through the process of download and update. No problems with that. As I have an alarm system with a weblink that sometimes goes down, I need to sometimes reboot the modem to restore the Wi-Fi link. I enabled the remote management option by logging into the router via 192.162.0.1 and applied this option. To test that it would work, I then opened Netgear Genie Version 3.1.78 on my iPhone 6 running iOS 12.4.6 and tried to login using remote option. Normally I would expect my router to be listed, however only the message “Select a router to manage remotely “ appeared. I tried activating Remote Access in the app and received a message that the router did not support it. Further attempts both on PC and phone resulted the same. I rolled back to Version 74 and then went through the above process again with the same results so have reverted to .74.
It was while searching for a solution that I came across this post so thought I would share my experience.

Hope this answers your question. Happy to respond should you wish.

Regards

Chas

Sent from my mobile.
Message 6 of 34
tominwi
Luminary

Re: New D7000v1 Firmware V1.0.1.78

I've been using ancistrus-flavored firmware for quite a while and though it has worked "better" with respect to the infamous lockups that everyone complains of, it was not free of them--though the last one I suffered was almost 3 months ago. This is as long I think that I've gone w/o a lockup ever.

 

Anyway today I upgraded to v78 and hope the lockups have gone-away but will have to see. Dunno Chas8ch about your particular problem but the Genie app on my iGizmos is not used so...

 

Will sit with this new firmware at least until negan07 updates his.

 

EDIT: Just tried my iOS app v3.1.78 as yours Chas8ch and it works fine as before fwiw.

Message 7 of 34
Chas8ch
Aspirant

Re: New D7000v1 Firmware V1.0.1.78

Thanks for that tominwi. In that case I shall give it another chance tomorrow and post the results.

Chas
Message 8 of 34
Chas8ch
Aspirant

Re: New D7000v1 Firmware V1.0.1.78

Hi tominwi,

 

I have gone through the firmware update to .78 once more, but regrettably have had the same result when using the iiPhone app Netgear Genie Version 3.1.78. 

I am unable to reboot the router remotely as it does not show up in the list of routers to manage remotely.  It would appear that when the update takes place, the IP address associated with my router is changed, but not updated in my profile.

The ios app functions normally except for the remote access, which is a necessary option for me.

Is there some way I can fix this problem?  If not, I will have to remain on version .74

 

Regards,

 

Chas

Model: D7000|Nighthawk AC1900 VDSL/ADSL Modem Router
Message 9 of 34
tominwi
Luminary

Re: New D7000v1 Firmware V1.0.1.78

I just realized what "Remote Management" you are talking about, which I don't use. You mean where you have a Netgear account and the access to your router is via their servers, yes? Honestly I have never tried that and don't even know where on the Netgear D7000 you would tell it your credentials.

 

I do have Remote Mgmt checked On under Advanced Setup > Remote Management, with a unique/special Port Number, and so I can access my router from outside-the-home using any browser. But I have never used or tried the Genie app for this.

 

So now that you know I am not familiar with that, I can only suggest that in the firmware upgrade your Netgear account credentials have to be re-asserted, or something.

 

EDIT: OK I looked harder and see under Advanced > Dynamic DNS > Service you can select NETGEAR and then enter your logon creds for mynetgear. If that is what you are using, understanding that I dunno exactly how that works, maybe you simply would need to Wait A While after updating firmware to allow mynetgear to see a possible change in your IP address from your ISP. I use no-ip and a custom URL for my own remote access, and have noted that no-ip doesn't update "instantly" when my IP changes.

 

Just guessing here Chas.

Message 10 of 34
Chas8ch
Aspirant

Re: New D7000v1 Firmware V1.0.1.78

Thanks for your response. You are right about the Remote Access, and the reason I need it is because of a flakey alarm system which occasionally loses connection with my router. It usually occurs when away from home!! A remote login via my laptop, reboot of the router usually cures it first time.
No device shows up when I upgrade firmware to .78

Thanks again for your input

Chas
Model: D7000|Nighthawk AC1900 VDSL/ADSL Modem Router
Message 11 of 34
tominwi
Luminary

Re: New D7000v1 Firmware V1.0.1.78

Yikes OK I understand better now. Most of us come here to complain that the D7000 locks-up once in a while such that there is no Internet connectivity and then we have to re-boot the router for it to work at all. But your problem sounds like the alarm system doesn't get-along with the D7000's WiFi signal. We, too, have an alarm system for which the local WiFi/internet via the D7000 is its first priority comm-link, but then ours has a cellular modem as well that works when WiFi doesn't.

 

That a reboot allows your security system to connect again is very bizarre indeed. Honestly it sounds to me less a security system issue and something in the Netgear then. Maybe fiddling with some Netgear WiFi settings might help, e.g. changing some of the following to see if anything helps. Mine are (assuming security uses 2.4GHz) fwiw:

Channel: Auto

Enable SSID Broadcast

Enable 20/40 coexistence

WPA2-PSK (AES) (maybe try TKIP + AES if your security syst is old?)

my Advanced settings are all defaults: 2346, 2347, Long Preamble, 100%

 

Or maybe the security system can be set for a specific channel or something.

 

 

Message 12 of 34
Chas8ch
Aspirant

Re: New D7000v1 Firmware V1.0.1.78

Many thanks again for taking trouble to shed some light on my problem. I have uploaded .78 again, and this time will give it 24 hours or more in case, as you said, it may take time to re-populate my device list in order that I can access it remotely. I will also give your Wi-Fi suggestion a go in the event I have to again revert to .74
Out of interest, can you see your router listed when you go to remote access?

Cheers,

Chas
Message 13 of 34
tominwi
Luminary

Re: New D7000v1 Firmware V1.0.1.78

Where would I see my router listed?

 

I open my Genie iOS app, touch the Remote Access button, and login to my Netgear account, and it gives me a page with a single Remote Access on/off slider on it. I turn that On and get a Check mark "Congratulations Remote Access Enabled and a Close button. When I touch that, I see the previous Remote Access with the check enabled. But then the next time I touch Remote Access from the home page the check is no long on and I go thru the above again.

 

Of course, on the router's Advanced Setup for Remote Management, it want a "NETGEAR DDNS account" and to enter/add my Host name to .mynetgear.com, and an email and password. I do not even know where to go to sign-up for a mynetgear.com hostname?

Message 14 of 34
Chas8ch
Aspirant

Re: New D7000v1 Firmware V1.0.1.78

Hi Tominwi
In the Ios genie app, once remote access is switched on, log out locally then click “reboot router”. This give an option of local or remote. Choose remote and you will be presented with a device list you have access to.

However, I have discovered that I am unable to switch on remote access via the IOS Genie app as, having followed the same route as yourself, I tried to disable it and received an error message. It would appear that this .78 firmware does not work with the Genie app, and since the Nighthawk app doesn’t support the D7000 either, I will have to revert to .74 to get the functionality.
As for the Netgear DDNS account I don’t have a clue either.

Many thanks for you time spent on this but unless they fix the update it looks like.74 will have to suffice.

All the best

Chas
Message 15 of 34
tominwi
Luminary

Re: New D7000v1 Firmware V1.0.1.78

OK well I like mysteries, and am a nice guy, so I signed-up for a NETGEAR DDNS account with my custom.mynetgear.com Host Name, Email, and Password and while the D7000 seems happy enough with it, with Dynamic DNS checked and "currently configured" all A-OK, when I try to use Genie to access either Network Map or Remote Access it says "Account Not Found".

 

I deleted the app and re-installed it to make sure it didn't have old garbage in it, but still "Account Not Found". I see when I signed-up that Netgear uses No-IP for its DDNS--maybe it needs some time or something but I dunno why--I got a happy email from them.

 

Maybe in the end you have simply found that .78 left Genie behind, which would be bad of course since iirc their new Nighthawk app does not work at all with the D7000.

 

EDIT: I've fiddled with it some more, and it seems clear to me that my Host Name and login creds on the D7000 have worked, and when I click Reset on the D7000's Dynamic DNS page and then at bottom "To manage your DDNS account click here" I get the No-IP account page. So, that I am getting Account Not Found seems to me like the Genie app must be at fault here. I'm at a loss...

 

Message 16 of 34
tominwi
Luminary

Re: New D7000v1 Firmware V1.0.1.78

Well I decided maybe the "Account Not Found" meant that Netgear was insisting my Netgear account and my DDNS account match exactly, so I (very) laboriously changed emails and passwords to match, which included changing my password because while No-IP didn't care that it didn't have a capital letter, Netgear did. Bottom line: with Netgear account and the D7000's DDNS account having now matching email and passwords, I can see Chas what you were asking about on a Login page "Select a router to manage remotely"

 

But no, I do not see my router there so unless there is magic in a 24hour wait, it seems likely to me that maybe one of .78 version's security updates killed the Genie app from working.

 

Bah, I had decided it would be nice to use Genie on my iPhone to check this router from out-and-about but now I am frustrated as you Chas8ch

Message 17 of 34
Chas8ch
Aspirant

Re: New D7000v1 Firmware V1.0.1.78

Indeed Tominwi I also like a mystery, and this one has occupied some time during our lockdown here in the UK. 

It would appear that our msgs crossed, and I have come to the conclusion that .78 has indeed bypassed IOS Genie app.

I logged onto my PC running windows 7 and logged into the routers homepage. I copied the link for Remote Access, pasted it into the search page, and logged in to the remote port :8443.  Happy days, that works, so it looks like .78 has broken IOS Genie.

 

Once again, many thanks for your efforts on my behalf.  And no, I am not buying an updated router any time soon, as this one has served me well.

 

Kind regards,

 

Chas H

 

PS Just caught your latest edit, and I concur.  78 broke Genie for IOS

Message 18 of 34
tominwi
Luminary

Re: New D7000v1 Firmware V1.0.1.78

We are online at the same time--it's 10pm in the UK!

 

I will try the 8443 trick, thanks for posting!

 

Message 19 of 34
tominwi
Luminary

Re: New D7000v1 Firmware V1.0.1.78

The appearance of .78 excited me such that I went for it despite having been on .74 Ancistrus firmware, since about last August I think. Anyway after a few days of running this we're experiencing wierd holdups in our internet activities. For example, this morning I let my iGizmo do a bunch of app updates, and while they were downloading I had trouble checking email.

 

Over on the ancistrus github I notice a mention of bufferbloat, and I wonder if that's what I'm experiencing. I get an "F" in the bb test unless I turn-on QoS in which case I still get just a "D". Might have to revert to ancistrus v74 until negan07 updates Netgear's v78 code.

 

Message 20 of 34
Chas8ch
Aspirant

Re: New D7000v1 Firmware V1.0.1.78

Hi Tominwi,

 

I too have noticed that there is a degradation of internet connectivity,  with poor Wi-Fi reception where previously there had been no problems.  Throughput has also suffered, with severe choking of speeds, according to speedtests so far taken.  This internet speed degradation might have something to do with the current lockdown, and self isolation, but the fact remains that .78 has crippled the remote access functionality of the IOS Genie app. 

Since the Netgear Nighthawk app does not support the D7000 (and several more recent models) I feel that the people at Netgear have abandoned their fanbase. 

Although .78 patches some security issues, and whilst there is a workaround using the router's IP address and port :8443, it's back to .74 for me.

 

At my stage in life (72) I doubt I will purchase another router, but if I have to it will NOT be a Netgear product, nor will I be recommending them to anyone either.

 

Best wishes,

 

Chas H

Model: D7000|Nighthawk AC1900 VDSL/ADSL Modem Router
Message 21 of 34
FrankBough
Star

Re: New D7000v1 Firmware V1.0.1.78


@tominwi wrote:

New firmware out very recently, and I don't think I've ever seen Release Notes like this before.

 

Chime-in anyone who tries this please!

 

Trying it - I too have updated from Negan07's Ancistrus Build #605 (based on Netgear Firmware V1.0.1.74_1.0.1)

 

Waiting for Ancistrus to update based on Netgear Firmware V1.0.1.78_1.0.1, until then I think its a sensible move to update considering the very important fixes Netgear have solved with this new version.

 

No issues so far, but I have only been running it a few days, no infamous Netgear firmware lock ups experienced yet, but even if it does I think a reset occasionally is worth enduring until Ancistrus gets an update out again, just so we have the most current security fixes in the meantime ..

 

https://kb.netgear.com/000061832/D7000-Firmware-Version-1-0-1-78

"PSV-2018-0318 Weak Password Policy
PSV-2019-0010 Cross-Site Scripting in "block site" Configuration
PSV-2019-0012 /www/adv_index.htm Exposed Unauthenticated
PSV-2019-0013 Cross-Site Scripting in /www/adv_index.htm
PSV-2019-0014 Command Injection in PPPOE Functionality
PSV-2019-0015 Cross-Site Scripting in "remote management" Configuration
PSV-2019-0016/0018 Setup Actions Permitted Unauthenticated
PSV-2019-0109 mini_httpd Authentication Bypass Vulnerability
PSV-2019-0110/0184 Password Storage Information
PSV-2019-0113 Password change & debug mode
PSV-2019-0021 "Zombie POODLE" and "GOLDENDOODLE"
PSV-2019-0022 Remote code execution
PSV-2019-0192/0244 Remote code execution
PSV-2019-0193/0245 Cross Site Scripting (XSS) in IPv6 Autoconfig settings
PSV-2019-0170 Invalid CPE Certificate for Remote Access
PSV-2019-0155 httpd lan_ipaddr stack overflow vulnerability
PSV-2019-0145 httpd friendly_name stack overflow vulnerability
PSV-2019-0124 NVRAM configuration injection caused by "SetNTP" parameter of SOAP "DeviceConfig-Set
PSV-2019-0140 NVRAM configuration injection caused by "New5GCTSRTSThreshold" parameter of SOAP "WLANConfiguration-SetAdvancedW
PSV-2019-0141 NVRAM configuration injection caused by "NewCTSRTSThreshold" parameter of SOAP "WLAN"

 

Very nice to see Netgear still supporting this Router, especially now during Coronavirus lock down where the internet and online shopping has become far more important to keep us safe.

 

Very much looking forward to Ancistrus update based on this firmware ( https://github.com/negan07/ancistrus/releases ), and the additional controls it gives us - And also the complete freedom from D7000v1 router lock ups Ancistrus typically treats us to (I had no lock ups with Ancistrus Build #605 since installing it when it was released back in late October 2019).

 

Bookmarked this topic, will pop in again if I experience anything unusual, but as mentioned so far its been good to us.

 

I wonder for those negatively affected so far in this topic, if the fixes to Remote Access (there are quite a few in this firmware update) also necessitate the Apps you are using to be similarly updated?. I shy away from meddling with Remote access so do not know for sure.

Message 22 of 34
tominwi
Luminary

Re: New D7000v1 Firmware V1.0.1.78

Nah, Chas and I have been using the very latest Genie app so that's not it Frank--it just is incompatible somehow with Genie. And as Chas mentioned the newer Nighthawk app left our D7000 behind.

 

I don't regret buying the D7000 as I wanted a modem/router and it was the only one I could find.

 

Hey Chas I'm a year shy of you and expect to buy many more routers after this one! Probably ASUS though! Hang-in there and stay away from the WuFlu!

 

Message 23 of 34
Chas8ch
Aspirant

Re: New D7000v1 Firmware V1.0.1.78

Tominwi, maybe I was being a little pessimistic about the need to purchase another router. They say 70 is the new 60!!  Truth is this D7000 has worked pretty much flawlessly since being purchased, and, if this problem with the IOS Genie app were sorted I would again be a happy bunny.

Being new to the forum, how would one flag up this (perhaps unintentional) limitation in their firmware/software handshake?  Do the Netgear techies read the community forum, or is there another vehicle for making them aware?

 

Regards,

 

Chas H

Model: D7000|Nighthawk AC1900 VDSL/ADSL Modem Router
Message 24 of 34
tominwi
Luminary

Re: New D7000v1 Firmware V1.0.1.78

I expect Chas that there are lots of posts about Genie and maybe someone here knows where on this forum it is discussed. But as for reporting to Netgear, IMHO it's not worth your effort i.e. a bit like expectorating into the breeze. Or carrying coals to Newcastle.

 

Smiley LOL

 

Seriously it does seem like you need a "Premium Support" account to even report anything if your product is beyond their measly 90-day warranty.

 

Message 25 of 34
Top Contributors
Discussion stats
  • 33 replies
  • 5954 views
  • 4 kudos
  • 5 in conversation
Announcements

Orbi WiFi 7