Version 1.5.3 & 1.4.6

The latest news about Gargoyle

Moderator: Moderators

feckn_eejit
Posts: 1
Joined: Thu Nov 10, 2011 1:06 pm

Re: Version 1.5.3 & 1.4.6

Post by feckn_eejit »

Smoothest upgrade of non-Netgear firmware ever on my WNDR3700v2! Thank you!!

buggers
Posts: 23
Joined: Mon Jan 30, 2012 7:47 am

Re: Version 1.5.3 & 1.4.6

Post by buggers »

There is a security vulnerability present in all versions of Gargoyle. Just navigate to this url:

http://192.168.1.1/bandwidth.csv

Even when you are not logged in, you can download the traffic logs. Not good!

I found this in 1.5.2, but it should be in 1.5.3 as well.

mix
Posts: 292
Joined: Sun Feb 27, 2011 11:18 am

Re: Version 1.5.3 & 1.4.6

Post by mix »

buggers,

Thanks for the report, I can confirm the issue in the 1.4.x series.
WRT54GL v1.1
Gargoyle 1.4.7

hnl_dk
Moderator
Posts: 408
Joined: Mon Aug 29, 2011 12:37 pm

Re: Version 1.5.3 & 1.4.6

Post by hnl_dk »

buggers wrote:There is a security vulnerability present in all versions of Gargoyle. Just navigate to this url:

http://192.168.1.1/bandwidth.csv

Even when you are not logged in, you can download the traffic logs. Not good!

I found this in 1.5.2, but it should be in 1.5.3 as well.
Thank you for the report.
Eric has now fixed the problem, for the future versions.
Router: TL-WR1043ND - Gargoyle 1.5.4
AP: TL-WR1043ND - Gargoyle 1.5.4

tals
Posts: 247
Joined: Fri Dec 09, 2011 7:27 am

Re: Version 1.5.3 & 1.4.6

Post by tals »

Is Eric able to make this available now or advise if the fix is straight forward to apply - just tested this outside of my network using my WAN IP and I can access this information without any password being required.

I don't think the information is a huge issue, mainly IP addresses as far as I can see but still probably worth closing off sooner rather than later.

** Thinking about it, this is probably because I have remote access enabled, i'll turn this off tonight and hopefully that will close it from the outside. Will test again tomorrow.
Netgear wndr3700 v2 Gargoyle 1.8.0
TP-Link Archer C7 v2 1.10.X (Built 20180122-0707)

cn008
Posts: 24
Joined: Tue Jan 24, 2012 3:54 pm

Re: Version 1.5.3 & 1.4.6

Post by cn008 »

not sure if I should upgrade to 1.4.6 now, or wait for next release with the .csv file issue being resolved.

I guess we should be able to upgrade from 1.4.5 to 1.4.7 or 1.4.8 directly.

tals
Posts: 247
Joined: Fri Dec 09, 2011 7:27 am

Re: Version 1.5.3 & 1.4.6

Post by tals »

tals wrote:** Thinking about it, this is probably because I have remote access enabled, i'll turn this off tonight and hopefully that will close it from the outside. Will test again tomorrow.
Confirmed if you turn remote access off then you cannot see this file outside your network, i'll keep remote access off till a fix is around but not so critical now imho.
Netgear wndr3700 v2 Gargoyle 1.8.0
TP-Link Archer C7 v2 1.10.X (Built 20180122-0707)

luddite
Posts: 12
Joined: Thu Apr 21, 2011 8:29 pm

Re: Version 1.5.3 & 1.4.6

Post by luddite »

Hi I just upgraded from 1.3.3 to 1.5.3 via the web interface and everything worked perfectly.

I imported the backup config and that was also perfect.

As far as I can tell everything works except the USB Storage.

The page loads in the web interface but there nothing there.

See below.

Image

Anything I need to do? I have tried rebooting. I dont want to do a reset but I guess I will have to if needed....

Thanks for continually making this better.

luddite
Posts: 12
Joined: Thu Apr 21, 2011 8:29 pm

Re: Version 1.5.3 & 1.4.6

Post by luddite »

Actually - even though the web interface is broken I edited the samba config and it was pointing to the old ntf directory. (The upgrade must have created a new share folder).

Once i changed that I could see the share on the network again.

However the web interface is still broken.

(On a seperate unrelated note transmission bittorrent is working perfectly in this release. So far so good anyway...)

Ports can't be opened. I edited /etc/config/firewall and rebooted the router but no outside port checkers or running daemons on the router can connect to that port. In this case it is transmission that I am concerned with.

Code: Select all

config 'rule'
        option 'name' 'TRANSMISSION_PORT_TCP'
        option 'src' 'wan'
        option 'proto' 'tcp'
        option 'dest_port' '58499'
        option 'target' 'ACCEPT'

config 'rule'
        option 'name' 'TRANSMISSION_PORT_UDP'
        option 'src' 'wan'
        option 'proto' 'udp'
        option 'dest_port' '58499'
        option 'target' 'ACCEPT'
Am I looking at this wrong?

sabrewulf
Posts: 5
Joined: Sun Mar 20, 2011 10:53 pm

Re: Version 1.5.3 & 1.4.6

Post by sabrewulf »

luddite wrote:Actually - even though the web interface is broken I edited the samba config and it was pointing to the old ntf directory. (The upgrade must have created a new share folder).

Once i changed that I could see the share on the network again.

However the web interface is still broken.

(On a seperate unrelated note transmission bittorrent is working perfectly in this release. So far so good anyway...)

Ports can't be opened. I edited /etc/config/firewall and rebooted the router but no outside port checkers or running daemons on the router can connect to that port. In this case it is transmission that I am concerned with.

Code: Select all

config 'rule'
        option 'name' 'TRANSMISSION_PORT_TCP'
        option 'src' 'wan'
        option 'proto' 'tcp'
        option 'dest_port' '58499'
        option 'target' 'ACCEPT'

config 'rule'
        option 'name' 'TRANSMISSION_PORT_UDP'
        option 'src' 'wan'
        option 'proto' 'udp'
        option 'dest_port' '58499'
        option 'target' 'ACCEPT'
Am I looking at this wrong?
think you missing one line from each rule.

option 'src_dport' '58499'

also I could be wrong, you dont need option 'target' 'ACCEPT'

Post Reply