Update issue DIR-860 B1 42914

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Ralink SoC based Hardware
Author Message
ReinerS
DD-WRT Novice


Joined: 22 Sep 2016
Posts: 33

PostPosted: Wed Apr 22, 2020 17:13    Post subject: Update issue DIR-860 B1 42914 Reply with quote
I recently updated my DLink DIR-860 B1 to a new firmware (from 42557) to 42914 and stumbled over a not so nice "feature".

I did an inplace upgrade (without reset) and booted with the new firmware. After that, all seemed ok.

As I have more than one router (the other one is a DIR 880), just serving as APs, I didn't immedeatly realize, that the new firmware did reset the WLAN security setting to default. I didn't notice this immedeatly, as everything else stayed the same (LAN settings and other config settings) and I connect most of the time to my other AP (DIR880).

After a day I checked my WLAN neigborhood and discovered an open WLAN named dd-wrt. At a closer look, I realized that this was my DIR860!!

I then tried to find out what happend, reverted back to 42577, restored my old config and performed the update again. I was surprised what happened. After the update was done, I connected to the 860, and checked the settings. All seemed fine, but suddenly the WLAN changed to "dd-wrt" with no security.

This behaviour while performing an inplace update is not very user-friendly nor is it "secure". There is no warning whatsoever, that WLAN security is beeing rest to default values.
Sponsor
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 7476
Location: Netherlands

PostPosted: Wed Apr 22, 2020 18:06    Post subject: Reply with quote
No that should not happen.

On most well supported routers even when resetting to default it will result in the use of the default password (on the bottom of the router)
However not all router support this feature, but when not reseting to default the password should be retained.

On my Netgear routers that is the case but apparently not on yours so this seems a bug as as such warrant reporting

_________________
Routers:Netgear R7800, R6400v1, R6400v2, Linksys EA8500, EA6900 (XvortexCFE), E2000 (converted WRT320N), WRT54GS v1.
WireGuard Documents & Guides:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327397
OpenVPN Documents & Guides: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327398
IPSET: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327261
Install guide R6400v2:http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 8474
Location: Texas, USA

PostPosted: Wed Apr 22, 2020 18:14    Post subject: Reply with quote
Moved to Ralink/MediaTek forum, the B1 is MediaTek. Could have also reported this in the build thread. @egc, have you emailed BrainSlayer about this?
_________________
Official Forum Rules, Guidelines & Helpful InformationFirmware FAQInstallation WikiWhere Do I Download Firmware?
DON'T use Chromium-based browsersRTFM/STFW TL;DR is NOT an excuse. • Why Should I Care What Color the Bikeshed Is?
Please DO NOT PM me with questions; Ask in the forum. ---------------------- Linux User #377467 counter.li.org / linuxcounter.net
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 7476
Location: Netherlands

PostPosted: Wed Apr 22, 2020 18:47    Post subject: Reply with quote
kernel-panic69 wrote:
Moved to Ralink/MediaTek forum, the B1 is MediaTek. Could have also reported this in the build thread. @egc, have you emailed BrainSlayer about this?


No I have not yet done it.

If you can/will that is fine otherwise I will do it tomorrow. Thanks

_________________
Routers:Netgear R7800, R6400v1, R6400v2, Linksys EA8500, EA6900 (XvortexCFE), E2000 (converted WRT320N), WRT54GS v1.
WireGuard Documents & Guides:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327397
OpenVPN Documents & Guides: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327398
IPSET: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327261
Install guide R6400v2:http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 8474
Location: Texas, USA

PostPosted: Wed Apr 22, 2020 19:30    Post subject: Reply with quote
I emailed him and linked this thread. @ReinerS: have you tried upgrading to 42954 to see if the issue has been fixed already?

Latest build release thread (Ralink/MediaTek): 04/20/2020 - r42954

_________________
Official Forum Rules, Guidelines & Helpful InformationFirmware FAQInstallation WikiWhere Do I Download Firmware?
DON'T use Chromium-based browsersRTFM/STFW TL;DR is NOT an excuse. • Why Should I Care What Color the Bikeshed Is?
Please DO NOT PM me with questions; Ask in the forum. ---------------------- Linux User #377467 counter.li.org / linuxcounter.net
ReinerS
DD-WRT Novice


Joined: 22 Sep 2016
Posts: 33

PostPosted: Thu Apr 23, 2020 9:17    Post subject: Reply with quote
@kernel-panic69:
As I've got some time, I experimented a bit, reverting firmwares back and forth.

What I found out is, that it seems as if the "resetting" function does not work as expected.

I reverted back to 42557, and this time, I selected "Reset to default settings" and booted. I was surprised to see, that the settings were not all cleared, SSID was changed to "dd-wrt" with no security and the AP got an internal IP address from my internal DHCP-Server. Thus it was possible to connect to the AP without any credentials and access the internet and my internal LAN. What puzzled me, was the fact, that I was bale to access the LAN and internet, but I was not able to administer the AP. I could not connect via telnet, nor ssh, nor http or https.

I then restored my old 42557 config, rebooted and flashed with 42954, this time with "Don't reset" selected.

Same issue. The AP booted with the old settings. After I connected via web-browser I checked the WLAN settings in "System-Sys-Info" and the network ID was my defined SSID. Switching to the second interface (ath1) the SSID changed to "dd-wrt" (I guess this was just a screen update issue) without any security settings. I could connect to "dd-wrt" and access the internet.

Up to and including version 42557 I didn't realize this issue, because the upgrades not resetting the configuration worked. I suspect that the changes how the advanced WLAN settings can be configured between 42557 and later causes the router to switch to default, unfortunately leaving half of the configuration as is and setting wireless to default without any security.

As mentioned above, this seemed already be the case in versions earlier than 42557, but in these versions the way the advanced WLAN settings are managed didn't change.

I don't mind that WLAN is beeing reset, but if there is a reset, either WLAN should be deactivated or at least be secured by a password. An open AP without security, partially keeping old LAN settings or using DHCP, is a security flaw. It would be better in such a case, if the router is reset totally, instead having a partially reseted router.


Last edited by ReinerS on Thu Apr 23, 2020 11:09; edited 1 time in total
ReinerS
DD-WRT Novice


Joined: 22 Sep 2016
Posts: 33

PostPosted: Thu Apr 23, 2020 10:47    Post subject: Reply with quote
BTW, it seems as scripts are not executed after certain events.

I have two scripts, LED.ipup and LED.ipdown, who check if WLAN is on/off and set the front LED. Executing the scripts manually works perfect, but interface up/down don't seem to be recognized any longer. I even tried LED.if.
BrainSlayer
Site Admin


Joined: 06 Jun 2006
Posts: 7118
Location: Dresden, Germany

PostPosted: Thu Apr 23, 2020 12:06    Post subject: Re: Update issue DIR-860 B1 42914 Reply with quote
ReinerS wrote:
I recently updated my DLink DIR-860 B1 to a new firmware (from 42557) to 42914 and stumbled over a not so nice "feature".

I did an inplace upgrade (without reset) and booted with the new firmware. After that, all seemed ok.

As I have more than one router (the other one is a DIR 880), just serving as APs, I didn't immedeatly realize, that the new firmware did reset the WLAN security setting to default. I didn't notice this immedeatly, as everything else stayed the same (LAN settings and other config settings) and I connect most of the time to my other AP (DIR880).

After a day I checked my WLAN neigborhood and discovered an open WLAN named dd-wrt. At a closer look, I realized that this was my DIR860!!

I then tried to find out what happend, reverted back to 42577, restored my old config and performed the update again. I was surprised what happened. After the update was done, I connected to the 860, and checked the settings. All seemed fine, but suddenly the WLAN changed to "dd-wrt" with no security.

This behaviour while performing an inplace update is not very user-friendly nor is it "secure". There is no warning whatsoever, that WLAN security is beeing rest to default values.


there is no way around. i introduced a complete new wireless driver which brings you much more features and stability. but the settings are totally incompatible with the old one. just compare all the new settings and security settings and you will find out that there is no way around. the old settings are still stored in nvram with its only names. you may have a change by renaming all parameters prefixed with wl0_ and wl1_ to ath0_ and ath1_

_________________
"So you tried to use the computer and it started smoking? Sounds like a Mac to me.." - Louis Rossmann https://www.youtube.com/watch?v=eL_5YDRWqGE&t=60s
ReinerS
DD-WRT Novice


Joined: 22 Sep 2016
Posts: 33

PostPosted: Thu Apr 23, 2020 12:26    Post subject: Re: Update issue DIR-860 B1 42914 Reply with quote
BrainSlayer wrote:

there is no way around. i introduced a complete new wireless driver which brings you much more features and stability. but the settings are totally incompatible with the old one. just compare all the new settings and security settings and you will find out that there is no way around. the old settings are still stored in nvram with its only names. you may have a change by renaming all parameters prefixed with wl0_ and wl1_ to ath0_ and ath1_


I appreciate your work and having new features and settings is really nice.

However, that after updating a device one is left with doors wide open (WLAN without ANY security) is not a positive aspect. If such changes are done, either disable WLAN entirely or reset to (secure) default values.

OK, my LAN/WLAN setup may be not normal and yes, I did not check every setting after the update, but either users should be warned, or standard security settings should be applied. Just imagine, that after an update firewalls would loose their rule set, or the default deny any any rule at the end would be disabled...
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 8474
Location: Texas, USA

PostPosted: Thu Apr 23, 2020 13:45    Post subject: Reply with quote
I would consider it a thing where upgrading to this build requires a complete reset and configure from scratch due to the new driver and not using a backup configuration. Part of the growing pains in the firmware.
_________________
Official Forum Rules, Guidelines & Helpful InformationFirmware FAQInstallation WikiWhere Do I Download Firmware?
DON'T use Chromium-based browsersRTFM/STFW TL;DR is NOT an excuse. • Why Should I Care What Color the Bikeshed Is?
Please DO NOT PM me with questions; Ask in the forum. ---------------------- Linux User #377467 counter.li.org / linuxcounter.net
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Ralink SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum