NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
RAX48 hacked?
So I purchased this router from Best Buy Canada last week. Installed it Wednesday night. Checked for firmware updates through the GUI and there weren't any. Thursday it locked up, had to reboot it...
I did contact support and got the 'here is how to reset your router' reply which I had already done long before that. That's not my point. I'm trying to figure out if this is a bad unit or a bad router in general and more importantly how someone got into my router in the first place.
Not being offered a firmware upgrade on the webinterface/ mobile app immediately, although you can find it for manual downloading/ installing, wouldn't worry me too much, as the world-wide deployment seems to happen slightly gradually. Obviously that shouldn't leave you more than one firmware version behind - and that only for a limited amount of time, until the automatic deployment reaches your device.
(Disclaimer: I don't know that exact device, nor which initial firmware version it ships with, which would be the basis to know if you should get offered an upgrade immediately (because the current version has been around for longer) or if it might just be a matter of time).
While any technical device poses the risk of being hacked due to security issues, I wouldn't quite expect that to happen this quickly, nor visibly - after all 'professional' attackers are more interested to remain under the radar (adding your network to their botnet, injecting ads, seeking weaknesses in your LAN and potentially staging extortion attack, etc. pp.), rather than forcing you off the network and thereby making you notice immediately (and sort out the issue/ pushing them out again) . Although it's very hard to guess, based on the provided information, it's imho more likely that you've fallen prey to accidental misconfiguration (think auto-correct messing up SSID/ PSK or one of your family members having done a mistake). The alternative would be that somehow your configuration was left open wide enough, to allow rather unskilled script-kiddies to get access (things like PSK/ admin password way to weak, wireless encryption intentionally disabled, remote configuration with way to weak passwords). In general the default configuration wouldn't really pose that risk (although you should definitively pick a custom ESSID and add better/ strong passwords/ PSKs). If you suspect foul play, doing a full factory reset would also be strongly advised.
I also have similar problem yesterday (model RAX50), with SSID changed to "Bernie_RAX50_2G" (or 5G) (exactly as the same name as encountered by the owner of this thread).
I think it is not a standalone case. How have you resolved such an issue?
Hello espf,
Would you mind providing the current firmware version you have installed on the router? Also, have you had a moment to get in contact with our support team?
Regards,Christian
Have already contacted the online support and got some initial standard answers for troubleshooting.
Anyway I have reset to the router's factory setting and reinstall it, and now it is in order. When I login to the www.routerlogin.net, I am informed no firmware upgrade is necessary.
However, I still don't know why my SSID could be suddenly changed to "Bernie_RAX50_2G" (or 5G) - without truly knowing the reasons behind (especially this is not a standalone case), it could happen again in future without notice.
I bought this RAX50 on 14 Feb 2021 and I only use it for 10 days, and I notice the latest version firmware is dated 27 January 2021 and therefore the firmware should not be the issue.
