Reply
Highlighted
Luminary

R9000 - Firmware version 1.0.4.36 Hot Fix?

I saw V1.0.4.36 - Hot Fix firmware on Netgear's Web site. I have not read anything about this version on this forum. Has anyone tried it?

 

The release note only says "Fixes security vulnerability issues". Does anyone know what issues this firmware fixes? Why was this so important that it needed a "Hot Fix"?

 

I really wish Netgear told us more information about this?

 

Should we all upgrade to this version because of the security fixes?

Message 1 of 35
Highlighted
Guru

Re: R9000 - Firmware version 1.0.4.36 Hot Fix?

Yet another repeated post on the same or similar subject - look here https://community.netgear.com/t5/Nighthawk-WiFi-Routers/R9000-Firmware-V1-0-4-34/m-p/1779547#M134698

Message 2 of 35
Highlighted
Luminary

Re: R9000 - Firmware version 1.0.4.36 Hot Fix?


@schumaku wrote:

Yet another repeated post on the same or similar subject - look here https://community.netgear.com/t5/Nighthawk-WiFi-Routers/R9000-Firmware-V1-0-4-34/m-p/1779547#M134698


No, That link was for officially released version 1.0.4.34. My post was about Hot Fix version 1.0.4.36.

 

R9000-Firmware-Version-1-0-4-36-Hot-Fix

Message 3 of 35
Highlighted
Guru

Re: R9000 - Firmware version 1.0.4.36 Hot Fix?

Sorry, was to brief - same issues as reported with the 1.0.4.34, including the crappy incomplete Release Notes. Netgear CHT does never learn. Feel free to figure out the PSVs applicable -> https://www.netgear.com/about/security/ ... I _guess_ the PSV-2019-0029 is certainly on the to-do list (even if the products referenced are incomplete ....).

 

Product security officer work - if there is one with Netgear CHT at all - 100% fail.

 

One of multiple issues - follwing warm boot - time one hour short:

 

1.0.4.36 GMT0100DST - no DST in place.PNG

 

 

Message 4 of 35
Highlighted
Luminary

Re: R9000 - Firmware version 1.0.4.36 Hot Fix?

I agree. With Netgear's lack of documentation, I haven't got a clue who this hot fix is directed towards, and whether or not I should install it.

Message 5 of 35
Highlighted
Luminary

Re: R9000 - Firmware version 1.0.4.36 Hot Fix?

Has anyone tried this hot fix? Any problems?

 

Has the problem that people were having with v1.0.4.28, where the router was being reset to factory specs, been fixed in v1.0.4.34 or with hot fix v1.0.4.36?

Message 6 of 35
Highlighted
Guru

Re: R9000 - Firmware version 1.0.4.36 Hot Fix?

One problem not addressed in 1.0.4.36 and ignored for the 1.4.38 (hotfix) - despite of  timely reports - is the certificate which expired on August 02, 2019. I'm not allowed to state what I think about Netgear ignorance here - otherwise the British secret communty police woll post yet another reference to some "rules" or whatever. The truth is hard: A product security manager missing son expiring certificate _and_ ignoring warnings reported in time has to be fired. But there is most likely ... no such position within Netgear consumer BU anyway, and the product engineers and ODM can release what they want. Highly unprofessional Netgear!!!!!

 

1.0.4.36 hotfix - Certificate expired on Fri August 2 2019.PNG

Message 7 of 35
Highlighted
Guru

Re: R9000 - Firmware version 1.0.4.36 Hot Fix?

The Accessed Device list Device Types / Icons on the 1.0.4.36 Hotfix is still having a much bigger selection of Device Types / Icons than what is available on the Nighthawk App 2.4.1.712 (Android):

 

1.0.4.36 hotfix Attached Devices - Device Types - Icons.PNG

Among many others which are missing, still no Switch in sight on the App:

 

Screenshot_20190804-132948.png
Wonder how many more years owners of an originally USD 499 list price router have to wait until the basics are relibale and workable.

Message 8 of 35
Highlighted
Guru

Re: R9000 - Firmware version 1.0.4.36 Hot Fix?

DUT: R9000 1.0.4.36 Hotfix, Chrome Version 75.0.3770.142 (Official Build) (Windows 64-bit)

 

On editing an Attached Devices entry and leaving by using the [Cancel] button ...

 

1.0.4.26 hotfix - Adv - Setup - LAN Set-up - Edit Address Reservation.PNG

...we get yet another "empty" page with a non-designed [Cancel] and [Apply] button:

 

1.0.4.26 hotfix - Adv - Setup - LAN Set-up - Edit Address Reservation - Cancel.PNG

Junk quality this is NTGR!

 

 

Message 9 of 35
Highlighted
Aspirant

Re: R9000 - Firmware version 1.0.4.36 Hot Fix?

Does anyone know what "Vulnerabilities" this "hotfix" that wasn't really advertised fixes/corrects?   Readme file?    Notes?   Documentation?    Does it also fix all the wireless (very slow) and wired (also very slow) issues? 

Model: R9000|Nighthawk X10 AD7200 Smart WiFi Router
Message 10 of 35
Highlighted
Aspirant

Re: R9000 - Firmware version 1.0.4.36 Hot Fix?

I had my nighthawk x10 for over a year.   I was still at 1.0.4.2.  The router will occasionally lock up.  I've had to reboot a few times.  Anyways, I decided to upgrade to 1.0.4.36 when I hosed my access list when trying to edit a device from the security -> access control page.  Maybe they decided to fix this "bug" that has made this router infamous.  To my surprise (well, not really), it didn't fix the corrupt access list.  So I went back to factory default and entered names for my attached device in the basic->attached_device page (always enter it there).  To my dismay it seems to be more broken than in 1.0.4.2.  I will only show a few of my attached device.  In other words, not all devices are listed.  Also, it seems that you'll see multiple icons for the same device (same ip address and MAC).  All my device have unique names, but a name of one of my devices is used multiple times with different IP/MAC addresses.

 

It appears that perhaps someone tried to fix these access list corruption issues and mucked up the access list module even more.  After 24 hours I decided to downgrade back to 1.0.4.2.  For kicks, I decided to see how many attached devices are on my network at 1am.   I got a total of 9.  I know I have way more than that.  I then downgraded to 1.0.4.2 and now the router sees 19 devices.  All the ones I'm missing show up in 1.0.4.2.

 

I'll be sticking to 1.0.4.2 until they fixed this.  I know there are security implications, but I need the access list to work.  

Here's a tip to working with the access list.  Only edit devices in the basic->attachedDevices page.  I cannot edit devices that are not online (if I did, it will corrupt the access list).

 

I doubt netgear will fix the access list issue.  They advertise this feature yet it does not work! Every new firmware update probably contains more bugs in this area.  Can't netgear get their crap together and put an engieer on this?

Gary

Message 11 of 35
Highlighted
Tutor

Re: R9000 - Firmware version 1.0.4.36 Hot Fix?

Has anyone tried the 1.0.4.36 Hot Fix?  Any problems?

 

I'm a little concerned that the file name is "R9000-V1.0.4.36_beta.img"  Beta??  That usually means they're still experimenting with it.

 

Peter

Message 12 of 35
Highlighted
Aspirant

Re: R9000 - Firmware version 1.0.4.36 Hot Fix?

I having the issue is 1.0.4.34 was unable to connect wired cable to the internet but after update to the 1.0.4.36 hot fix this issue was fix but sometime i went out for a few days turn off the wifi router after back turn on the router will going back to factory reset issue problem.

Model: R9000|Nighthawk X10 AD7200 Smart WiFi Router
Message 13 of 35
Highlighted
Luminary

Re: R9000 - Firmware version 1.0.4.36 Hot Fix?

Someone posted a link that was buried on the Netgear website (that I can't find right now) that stated that this hotfix added protection for a security vulnurability that had been found. It is marked BETA because they did not fully test out the hotfix release, so it might have bugs. Netgear tried to just add the security change and release it quickly, but without fully testing it out, they are not sure if any new problems might exist.

 

Why don't provide that information in the same place where you can download the hotfix so that we know what is going on?

Message 14 of 35
Highlighted
Luminary

Re: R9000 - Firmware version 1.0.4.36 Hot Fix?

I found the link that I was referring to in my previous post:

Security Vulnerabilities 

 

Netgear should include this info with the hotfix download so that we are not left in the dard.

Message 15 of 35
Highlighted
Luminary

Re: R9000 - Firmware version 1.0.4.36 Hot Fix?

In my previous post, I meat to say left in the dark.

 

Why can't we edit our posts?

 

Message 16 of 35
Highlighted

Re: R9000 - Firmware version 1.0.4.36 Hot Fix?

Really weird cause on my machine the built-in update program shows "no updates available"...

Model: R9000|Nighthawk X10 AD7200 Smart WiFi Router
Message 17 of 35
Highlighted
Master

Re: R9000 - Firmware version 1.0.4.36 Hot Fix?

hot fixes are not part of official firmware that gets pushed to the update server

Routing: NETGEAR R7800 - Voxel Firmware 1.0.2.80SF
Switching: 2x NETGEAR 8-ports (GS108v4) / 1x NETGEAR 16-ports (JGS516v2)
Desktop: AMD Ryzen 7 3700X - Server: Intel Core i7-7700K - NAS: Intel Pentium G4400
Message 18 of 35
Highlighted
Guru

Re: R9000 - Firmware version 1.0.4.36 Hot Fix?


@SScandy wrote:

Why don't provide that information in the same place where you can download the hotfix so that we know what is going on?


These are the Release Notes available direct on the R9000 Support -> Download  -> Firmware Version 1.0.4.36 - Hot Fix (and it does again include a download link).  Nothing hidden or burried - essentially the very same for all Netgear products.

 

I'm much more concerned that months later there is still no final/stable (non-hotfix, non-beta) build, and that there is no current firmware including a _valid_ factory certificate for the R9000 https connection.

 


@SScandy wrote:

Netgear should include this info with the hotfix download so that we are not left in the dard.


Again the old complaint of incomplete Release Notes with this useless "security fixes" blah.

PS. Editing works for some minutes after posting (not in all sections of the community why ever), just done so.

Message 19 of 35
Highlighted
Luminary

Re: R9000 - Firmware version 1.0.4.36 Hot Fix?


@schumaku wrote:

@SScandy wrote:

Why don't provide that information in the same place where you can download the hotfix so that we know what is going on?


These are the Release Notes available direct on the R9000 Support -> Download  -> Firmware Version 1.0.4.36 - Hot Fix (and it does again include a download link).  Nothing hidden or burried - essentially the very same for all Netgear products.

 


@SScandy wrote:

Netgear should include this info with the hotfix download so that we are not left in the dark.


Again the old complaint of incomplete Release Notes with this useless "security fixes" blah.


I disagree. When you look at the release notes, all that it says is: "Fixes security vulnerability issues". There is no mention of any of the information in the link that I provided above (which explains the hotfix a lot better than the release notes):

Security Vulnurabilities 

 

that information should be on the release notes page.

 

Also, immediately after entering my post, there was no way to edit it.

Message 20 of 35
Highlighted
Guru

Re: R9000 - Firmware version 1.0.4.36 Hot Fix?


@SScandy wrote:

 


@SScandy wrote:

Netgear should include this info with the hotfix download so that we are not left in the dark.


Again the old complaint of incomplete Release Notes with this useless "security fixes" blah.


I disagree.

No disagreement at all, we talk of the same thing here. At least the PVR-yyyy-nnnn must be referenced - this was complained many times before. Sorry to be unclear.

Message 21 of 35
Highlighted
Luminary

Re: R9000 - Firmware version 1.0.4.36 Hot Fix?

I've been on it for 24 hours, new router, update firmware, factory reset and hard reset, manually entered all the info from scratch no issues so far.

 

Checked the debug page yesterday and a little over half a day later no issues with memory leaks i can see, the Memory Usage went up from 134 to 152MB out of 1006MB. Flash remained the same, temps are stable and the same at 50 and CPU load dropped to about 3% avg between the cores.

 

Will keep an eye on Memory usage tomorrow. So far so good.

 

 

Message 22 of 35
Highlighted
Luminary

Re: R9000 - Firmware version 1.0.4.36 Hot Fix?

A slight increase on memory 8MB more in Memory usage, rest is pretty static. Curious how much it will creep up to and how it is manged over time. With the R7000 i never had to reboot ever.

 

CPU Load CPU1: 3.04% CPU2: 3.72% CPU3: 2.06% CPU4: 2.96%  

Memory Usage(Used/Total) 160MB/1006MB  

Flash Usage(Used/Total) 158MB/512MB  

Network Session(Active/Total) 255/65536  

CPU Temperature 51  

2G WiFi Temperature 50  

5G WiFi Temperature 52

Message 23 of 35
Highlighted
Aspirant

Re: R9000 - Firmware version 1.0.4.36 Hot Fix?

I'm done playing with this netgear router.  Seriously.   I'm having to reboot it a few times a day.   Time to get a new router that actually works and doeesn't give me this much trouble.   Considering the google mesh..... not sure what I'm going to do but know that I can't have this many issues with such an expensive router like this Nighthawk.

Message 24 of 35
Highlighted
Luminary

Re: R9000 - Firmware version 1.0.4.36 Hot Fix?

Very happy to see this, Memory usage dropped so any concerns of a memory leak are gone as far as i'm concerned. Been fortunate v.36 has been flawless so far.

 

Basic Information   CPU Load CPU1: 3.03% CPU2: 3.72% CPU3: 2.09% CPU4: 2.87%  

Memory Usage(Used/Total) 155MB/1006MB

Flash Usage(Used/Total) 158MB/512MB  

Network Session(Active/Total) 350/65536  

CPU Temperature 52  

2G WiFi Temperature 52  

5G WiFi Temperature 54

Message 25 of 35
Top Contributors
Discussion stats
  • 34 replies
  • 2597 views
  • 3 kudos
  • 9 in conversation
Announcements