kafkaesque
Initiate
Jan 26, 2021

RAX48 hacked?

So I purchased this router from Best Buy Canada last week.  Installed it Wednesday night.  Checked for firmware updates through the GUI and there weren't any.  Thursday it locked up, had to reboot it.  Friday it locked up, had to reboot it.  Saturday it locked up so bad I had to do a complete reset and reprogram of it.  Called tech, discovered there was a firmware update (router said there wasn't) so I manually pushed it.  All good until today.  This morning I guess it got hacked because the SSID changed to something called Bernie_RAX50 (remember, I have an RAX48).  I'm at work so my kids are trying to do schooling from home with no internet for the third time in six days.  

 

So.....anyone else have issues today?  Not sure if they accessed through Netgear, or the Nighthawk app, or just got dumb lucky and tripped over it.  Or if someone actually honestly thought they were programming their router online and somehow got mine which is a very scary thought.

 

I have never had such issues with a router in my life, especially one I spent almost $300 on.  Thoughts from the community..?  Is this just a bad unit?  I have read both good and bad reviews on it and right now I would be hard pressed to give it one star out of five.  I'm debating just shipping it back and ordering an Asus instead.  I have wasted far too much time and with two kids trying to graduate high school this year I can't have them stuck like this every single day.

22 Replies

  • Christian_R
    NETGEAR Employee Retired

    Hi kafkaesque,

     

    If you recently purchased the device I would recommend contacting our support team as newly purchased devices are provided with 90 days of complimentary support. You may open a ticket by registering your device using the link below. 

     

    https://www.netgear.com/support/contact.aspx

     

    Christian 

    • kafkaesque
      Initiate
      I did contact support and got the 'here is how to reset your router' reply which I had already done long before that. That's not my point. I'm trying to figure out if this is a bad unit or a bad router in general and more importantly how someone got into my router in the first place.
      • pkgadd
        Luminary

        Not being offered a firmware upgrade on the web interface/mobile app immediately, although you can find it for manual downloading/installing, wouldn't worry me too much, as the world-wide deployment seems to happen slightly gradually. Obviously that shouldn't leave you more than one firmware version behind - and that only for a limited amount of time, until the automatic deployment reaches your device.

         

        (Disclaimer: I don't know that exact device, nor which initial firmware version it ships with, which would be the basis to know if you should get offered an upgrade immediately (because the current version has been around for longer) or if it might just be a matter of time).

         

        While any technical device poses the risk of being hacked due to security issues, I wouldn't quite expect that to happen this quickly, nor visibly - after all 'professional' attackers are more interested in remaining under the radar (adding your network to their botnet, injecting ads, seeking weaknesses in your LAN and potentially staging an extortion attack, etc. pp.), rather than forcing you off the network and thereby making you notice immediately (and sorting out the issue/pushing them out again). Although it's very hard to guess, based on the provided information, it's imho more likely that you've fallen prey to accidental misconfiguration (think auto-correct messing up SSID/PSK or one of your family members having made a mistake). The alternative would be that somehow your configuration was left open wide enough to allow rather unskilled script-kiddies to get access (things like PSK/admin password way too weak, wireless encryption intentionally disabled, remote configuration with way too weak passwords). In general the default configuration wouldn't really pose that risk (although you should definitely pick a custom ESSID and add better/strong passwords/PSKs). If you suspect foul play, doing a full factory reset would also be strongly advised.

  • Hello,

     

    Just had the same issue this morning. My router is a Nighthawk AX6 AX5400 Model: RAX50 running V1.0.2.82_2.0.50.

    I've had this router since May 19, 2020 and never had an issue. Only recent change is that I switched from Xfinity to ATT fiber 4 days ago. 

     

     

    • sugaree77
      Aspirant

      Just happened to me this morning - RAX50-5400-AX6, firmware updated to V1.0.2.82_2.0.50 this past weekend.

      • ieh-dk
        Initiate

        Same happened for me today RAX50-5400-AX6, firmware version to V1.0.2.82_2.0.50
        At the moment I have no trust in this product and feel very insecure in my network security.

  • I'm having the same problem. Same change to the wifi network name; "Bernie_RAX50_2GN" and "Bernie_RAX50_5GNN". I paid for the GearHead support and they haven't been able to help me either. It seems like it's not a hacker since it is the same issue you described. However could be something targeting netgear routers specifically, I have no idea. I'd appreciate some real help, as the support seems to know less about it than I do.

    • DarrenM
      Sr. NETGEAR Moderator

      I have sent this issue over to engineering. It looks like this is a default wifi name the engineers used, so I don't believe your routers are getting hacked; they are just reverting to a saved name in the router.

       

      DarrenM

    • JJ05
      Aspirant

      I have had the same issue multiple times now. Both the 2g and 5g wifi signals will "magically" turn into Bernie_Rax45 2g and 5g.

      I have to hard reset and reprogram every time it does this.

      Is there a fix for this? I have only had this router for about 45 days now.

      Thanks

      • Razor512
        Prodigy

        For that router, if possible head to the router IP /debug.htm and click "Start Capture" then after around 2-3 minutes, click on "Save Debug Log".

         

        It will be in the form of a .zip file.

         

        Extract the zip file to a new folder

         

        Look for a text file named something like Console-log1.txt

         

        After that, open the file and scroll past the ping test section, and then look at some of those default config settings, especially the SSID info in the router info section.

         

         

        PS, avoid sharing debug logs in a public setting as they contain all NVRAM values, which includes WiFi passwords, DDNS settings, and any other settings that were changed.
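
An added example (not part of Razor512's post and not NETGEAR tooling) for the log review described above: it lists the SSID entries in an extracted console log, flags names carrying the `Bernie_` prefix reported in this thread, and redacts password and DDNS settings before the log is shared. The `name=value` layout and every key name in the sample are assumptions, since the thread does not show the log format.

```python
import re

# Assumed layout: the console log carries NVRAM settings as name=value lines.
NVRAM_LINE = re.compile(r"^(?P<key>[A-Za-z0-9_.]+)=(?P<value>.*)$")
SSID_KEY = re.compile(r"ssid", re.I)
# Settings the post warns about: WiFi/admin passwords, keys, DDNS settings.
SENSITIVE_KEY = re.compile(r"psk|passw|passphrase|secret|ddns|(^|_)key", re.I)
# SSID prefix reported in this thread (Bernie_RAX50, Bernie_Rax45, ...).
UNEXPECTED_SSID = re.compile(r"^Bernie_", re.I)


def review_log(text):
    """Return (ssid_entries, flagged_ssids, redacted_text) for a console log."""
    ssids, flagged, out = [], [], []
    for line in text.splitlines():
        m = NVRAM_LINE.match(line.strip())
        if not m:
            out.append(line)  # not a setting (e.g. ping output): keep as-is
            continue
        key, value = m.group("key"), m.group("value")
        if SENSITIVE_KEY.search(key):
            out.append(f"{key}=<redacted>")  # value never reaches the output
            continue
        if SSID_KEY.search(key):
            ssids.append((key, value))
            if UNEXPECTED_SSID.match(value):
                flagged.append((key, value))
        out.append(line)
    return ssids, flagged, "\n".join(out)


# Constructed sample; key names and values are made up for illustration.
SAMPLE_LOG = """\
---- ping test ----
64 bytes from 192.0.2.1: seq=0 ttl=64 time=1.2 ms
---- router info ----
wl0_ssid=HomeNet
wl0_wpa_psk=correct-horse-battery
wl1_ssid=Bernie_RAX50_5GNN
wl1_wpa_psk=correct-horse-battery
http_passwd=admin-secret
ddns_hostname=example.invalid
"""

if __name__ == "__main__":
    ssids, flagged, redacted = review_log(SAMPLE_LOG)
    print("SSID entries:", ssids)
    print("Unexpected SSIDs:", flagged)
    print(redacted)
```

The redacted text still contains the SSIDs, which are what support needs to see; check it by eye for anything else identifying before posting it.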

         

         

    • sugaree77
      Aspirant

      Installed the new firmware and rebooted. Still have the Bernie SSIDs.

      • DarrenM
        Sr. NETGEAR Moderator

        If you are experiencing issues with your router's SSID changing to Bernie, please PM me; I have a trial firmware that has a fix for this issue.

         

        Thanks

        Darren