Beware of RV220W firmware 1.0.4.17

Joergen Thomsen
Level 1

There are still some old and new issues. This should not be so at a previously highly rated router manufacturer as Cisco.

1) Please observe that after a firmware upgrade from 1.0.3.5 to 1.0.4.17 it was necessary to delete all the access rules and create them again to make sure they were all working. We had 40+ rules and were down for several hours until this was detected. Outbound traffic was working.

Quite frankly: this has been seen before, and why has Cisco not addressed this? A smooth upgrade is expected by the customers.

2) The firmware is released with a reissued certificate with the same serial number.

This is bad practice and should simply not happen.

It is preventing access to the router from e.g. the Firefox browser.

Old Certificate:

    Data:
        Version: 4 (0x3)
        Serial Number: 14872231 (0xe2eea7)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN=588D09E2EEA7, OU=RV220W, O=Cisco Systems, Inc., C=US
        Validity
            Not Before: Mar 13 02:40:08 2009 GMT
            Not After : Mar 11 02:40:08 2019 GMT
        Subject: CN=588D09E2EEA7, OU=RV220W, O=Cisco Systems, Inc., C=US

New Certificate:

    Data:
        Version: 3 (0x2)
        Serial Number: 14872231 (0xe2eea7)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN=588D09E2EEA7, OU=RV220W, O=Cisco Systems, Inc., C=US
        Validity
            Not Before: Jan  1 00:00:15 2011 GMT
            Not After : Dec 29 00:00:15 2020 GMT
        Subject: CN=588D09E2EEA7, OU=RV220W, O=Cisco Systems, Inc., C=US

https://support.mozilla.org/en-US/kb/Certificate%20contains%20the%20same%20serial%20number%20as%20another%20certificate

3) The hair-pinning problem is still not solved satisfactorily.

All access from the LAN using public IP addresses has the internal IP address of the router as the source address.

I have not tested extensively yet, but at least now the IPv6 tunnel does not have to be re-established after a reboot and the NTP time settings seem to have been fixed.
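
The collision described in point 2 of the post above, as an added example that is not part of the original post: Firefox refuses a certificate when it already holds a different one with the same issuer and serial number. The sketch parses the `openssl x509 -text` fields quoted in the post and flags that condition; the function names are hypothetical, and telling two certificates apart by their validity dates is an assumption, since the post shows no fingerprints.

```python
import re
from collections import defaultdict

# Fields as printed by `openssl x509 -noout -text`; values copied from the post above.
OLD_CERT = """\
        Serial Number: 14872231 (0xe2eea7)
        Issuer: CN=588D09E2EEA7, OU=RV220W, O=Cisco Systems, Inc., C=US
        Validity
            Not Before: Mar 13 02:40:08 2009 GMT
            Not After : Mar 11 02:40:08 2019 GMT
"""
NEW_CERT = """\
        Serial Number: 14872231 (0xe2eea7)
        Issuer: CN=588D09E2EEA7, OU=RV220W, O=Cisco Systems, Inc., C=US
        Validity
            Not Before: Jan  1 00:00:15 2011 GMT
            Not After : Dec 29 00:00:15 2020 GMT
"""

# Only the short "decimal (0xhex)" serial layout shown in the post is handled.
FIELDS = {
    "serial": re.compile(r"Serial Number:\s*(\d+)"),
    "issuer": re.compile(r"Issuer:\s*(.+)"),
    "not_before": re.compile(r"Not Before\s*:\s*(.+)"),
    "not_after": re.compile(r"Not After\s*:\s*(.+)"),
}

def parse_cert_text(text):
    """Pull the identifying fields out of one openssl text dump."""
    cert = {}
    for name, pattern in FIELDS.items():
        match = pattern.search(text)
        if match is None:
            raise ValueError(f"missing field: {name}")
        cert[name] = " ".join(match.group(1).split())  # collapse padding
    cert["serial"] = int(cert["serial"])
    return cert

def find_reused_serials(certs):
    """Map each (issuer, serial) shared by more than one distinct certificate
    to the validity periods seen under it."""
    seen = defaultdict(set)
    for cert in certs:
        # Assumption: differing validity dates mean a different certificate.
        key = (cert["issuer"], cert["serial"])
        seen[key].add((cert["not_before"], cert["not_after"]))
    return {key: sorted(periods) for key, periods in seen.items() if len(periods) > 1}
```

Running `find_reused_serials` over the certificate saved before an upgrade and the one the device presents afterwards shows whether clients that stored the old certificate will reject the new one.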


linksysinfo
Level 4

Joergen Thomsen wrote:

There are still some old and new issues. This should not be so at a previously highly rated router manufacturer as Cisco.

1) Please observe that after a firmware upgrade from 1.0.3.5 to 1.0.4.17 it was necessary to delete all the access rules and create them again to make sure they were all working. We had 40+ rules and were down for several hours until this was detected. Outbound traffic was working.

Quite frankly: this has been seen before, and why has Cisco not addressed this? A smooth upgrade is expected by the customers.

Just some info for other users...

If you are deploying any update to a live system then you should either NOT upgrade until all facts are known or you have run a test against some devices already. What happens if your router fails? Do you have a spare? If so, test the upgrade on that. If you don't have a spare then the live system is dead until a replacement is gained.

Personally the amount of changes on this firmware update should really make a full reset before/after the upgrade.

I'll list the known changes here in a moment.

Anyway just my two cents worth....

Regards Simon

http://www.linksysinfo.org

Yep, that's the right way to do it. Just blame the customer and assume no responsibility for bad craftsmanship.

SPR  Cisco CDET Description

---  ---------- ----------

30606           Dnsmasq process not running after uploading customer configuration

CSCua79476 Summary:upgrading from fw 1.0.3.5 to fw 1.0.4.15 causes connection issue where router becomes inaccessible

32569           DHCP option 150 is not getting configured in the backend and device is not responding for DHCP option 150 request from client.

22224           Device is accepting 64 characters for password field in 'change password' page.

23288           Validation of meridian field is not proper in wireless active time page, when both the start and stop

24788 CSCtn81241 GUI is showing blank page when user try to login to the device using IPv6 address with I.E. browser

25252           Problem routing TCP traffic in VPN(SSLVPN Over IPSEC)

26009 CSCtr39253 Need to allow user to upload self signed certificate in both self and trusted area.

26304           Unwanted error message observed when we click back button in wireless->edit security mode page

29213           In the system summary page, in the wireless section there is a profile name column present

29222           After operation succeeded message navigation warning message should not be observed in wireless secur

29768           Able to see inverted question mark(?) before the string in content filtering page.

29997           In the help pages "contents" heading is not completely displayed with Firefox browser

30013           SSL VPN Client portal,ipv4/ipv6 routing tables display,output of ping/traceroute/lookup help pages ar

30014           Go button is not working in all the help pages.

31251 CSCtz38609 Inbound rules are getting flushed automatically with the customer provided configuration

31362           Inbound firewall rules based on portforwarding rules are not getting up in the backened with customer

31458           No Reorder button found in IPv6 access rules page

31480           There is no provision to enable logging based on severity for Protectlink Facility in Add/Edit Loggin

31561           Device is not setting Dyndns account update after Dyndns update period is completed

31836           When DST for Central European Time is selected, then time is advanced by 7 hours instead of advancing

31995           Memory percentage is not shown accurately in Dashboard page.

32097           Unable to establish Quick VPN tunnel from Windows XP 32bit host.

32289           Unable to establish Quick VPN tunnel after changing password from the client.

32428           "i8HTMl missing" message is observed, in vpn users page

32542           Unable to connect wireless clients to the WPA/WPA2 configured Access points in B/G mixed mode

32796           Support to generate self sign certificate within the router

32868           issue related to related to the HREF link in OLH pages

21593 CSCto46996 PPTP clients connected to device are not shown in VPN connection status page.

24792 CSCtr91709 / CSCtq92193    PPTP connection remains active after PPTP user is disabled/deleted in the device.

27582 CSCtt85240 Serial number for the VPN users on next page restart at 1 instead of 11

29336           Device is not redirecting to the last screen displayed before logout after session expire.

29345           Observed page with login fields greyed out when trying to access non existent portal

29346           Observed page with login fields greyed out when trying to access portal with no user on it

29397           Lan Static Routes Functionality is not Working when inter vlan routing is disabled.

30001           In SSLVPN client portal page, tooltips should be displayed in the particular language instead of English

30003           Special/weird characters are observed in SSL VPN Client portal page.

30011           Blocked to login by Admin, message was displayed in English language only

30015           Access denied to this webpage message page's look and feel is not good

30198           By Default "Blocked to login by Admin" message is not shown for guest user

30195           Wireless LED is glowing after reboot even if radio is disabled.

30576           Localization changes listed by Cisco in system summary, dashboard and radvd page, available lan host page.

04/04/2012

Latest Firmware- 1.0.4.11

19950 CSCtj57051  Entity MIB (RFC 2723) is to be supported as per Software baseline spec from Cisco

20211 CSCtj78178  Reset statistic counters

22412             User not able to delete logging policy once used in remote logging page.

24645             Default date on RV Series should be 2011

25360 CSCtr18462  Able to scan SSID and Wireless LED is glowing even if radio interface is disabled

25499             Typo in tooltips on VPN users page

25610             PPTP users can access a router that has management interface disabled.

26254             After deleting the vlan's, Still we can see upnp process running on used vlan's

26281             Bonjour page uniqueness (all vlan entries are not getting grayed out when bonjour disable)

27289 CSCts95836  wan traffic metering is not working if monthly limit is set as large value(3GB)

29248             No validation in i

21593 CSCto46996  PPTP clients connected to device are not shown in VPN connection status page.

24792 CSCtr91709 / CSCtq92193    PPTP connection remains active after PPTP user is disabled/deleted in the device.

27582 CSCtt85240  Serial number for the VPN users on next page restart at 1 instead of 11

29336             Device is not redirecting to the last screen displayed before logout after session expire.

29345             Observed page with login fields greyed out when trying to access non existent portal

29346             Observed page with login fields greyed out when trying to access portal with no user on it

29397             Lan Static Routes Functionality is not Working when inter vlan routing is disabled.

30001             In SSLVPN client portal page, tooltips should be displayed in the particular language instead of English

30003             Special/weird characters are observed in SSL VPN Client portal page.

30011             Blocked to login by Admin, message was displayed in English language only

30015             Access denied to this webpage message page's look and feel is not good

30198             By Default "Blocked to login by Admin" message is not shown for guest user

30195             Wireless LED is glowing after reboot even if radio is disabled.

30576             Localization changes listed by Cisco in system summary, dashboard and radvd page, available lan host page.

29310             Traffic is not fallowing ipv6 firewall rules added with source or destination as range

29336             Device is not redirecting to the last screen displayed before logout after session expire.

29718             There is an unwanted symbol present at the bottom in the add firewall rule page

29816             Enhancement to add Static DNS for PPPoE profiles

29998             SSLVPN policy status is displayed in English language though added using other language

30006             Got $|tr Strings["11383"] or 'i18nHTMLMising'|$ when trying to add intervlan firewall rule with source and destination as same vlan for all languages except english .

30008             In French Language, We are able to see 3 vlans instead of 2(available vlans) for destination vlan name in access rule page

30012             Observed special characters in login page(password,Login) for Spanish Language

30020             "Tunnel" word should change as per the language selected

30022             Letter on the buttons got truncated in Dutch,Italian,Spanish,French languages

02/24/2012

Latest Firmware- 1.0.4.6

29335             Device is showing html error message in approved urls edit page(protectlink).

22178             Password Aging page is missing

12637             Language Selection support is not yet added

24778             Leaking RIP packets to WAN in gateway mode

24537             Windows 7 64 machine giving security warning for valid digital certification to virtual passage driver and SSL binariers

29276             GUI is displaying "i8html missing" when admin user try to configure DMZ

The following changes are introduced in MR2

===========================================

1. IPv6 Firewall support

2. Inter- VLAN Firewall support

3. Boot time optimizations

4. VLAN optimizations

5. CIAM Alerts fixes

6. Localization support

10/10/2011

Latest Firmware- 1.0.3.5

22336             SSL VPN tunnel not establishing with Linux client (java version 6 update 24 and 25) and Mac OSX client

27026             Need to add zero offset in time zone page for dst offset

27045             ntp configuration issue in RV220W firmware 1.0.3.4

22472             Guests should not be able to view admin tab

20205             Incorrect default Channel value

Regards Simon
http://www.linksysinfo.org

Firmware- 1.0.4.17, full reset

Sometimes the GUI does not respond (not being able to load).

For example, right after logging in.

msavard99
Level 1

I really have to recreate all of my access rules?

I still have 3 of those routers!

I also can't believe they still have the hair-pinning problem!

Am I correct in saying that the so-called hair-pinning problem is just that Cisco have not added this as a feature?

Sent from Cisco Technical Support iPad App

Regards Simon

Any cheap router is supporting this, so it should rather be considered basic router functionality than an optional feature.

At first, it didn't work, and then they let me use a beta version (last year, had to call them) and it worked well. And then a new official firmware came out and it didn't work again.

I made the mistake to delete the beta version I had, of course...

So now all my users with a laptop need to use different shortcuts to access our servers according to where they are (in or out of the office).

Hair-pinning is a pretty basic feature, we shouldn't even talk about it IMO. I bought 4 of these routers, still using 3, but you can be sure I won't replace them with Ciscos.

Well, actually it does work when you are having an access rule for each port used, but the weird thing is, that the source address of the request is the LAN router address making it impossible to act based on which IP-addresses the request is originating.

The DMZ feature is also basic router functionality, but apparently only present as a GUI checkbox, which I have not yet discovered the purpose of.

Anyway an access rule as

Always Allow      Any     Enabled      Inbound (WAN (Internet) > LAN (Local Network))      192.168.1.5 - 192.168.1.254

will open the LAN for access to any server port using the external IP. It seems to be working although it is not inbound WAN traffic.

However, as the external address is not mentioned in this rule, probably only sites with a single server can use it.