NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
markman
Oct 16, 2017Aspirant
WNDR4000 - Blocking Admin Access After Latest Security Update
I updated the firmware in response to a notice I received from Netgear about a security fix. Now, every time I adjust the various settings and the router reboots it blocks my access to the admin pag...
- Oct 24, 2017
I just applied the latest Firmware (1.0.2.6) update as well, I don't recall the previous version, but it was a much earlier version 1.0.0 (not sure of the last digits). After the update and installation completed (which was applied by direct ethernet connection, i.e. not WIFI), I can no longer connect to the web Administration Page via the default gateway IP address. What's odd is all my setups remained in tact after the Firmware update was applied, including the authentication credentials. If I run an IPCONFIG, the settings for DHCP, Gateway, etc are all as was on my directly connected laptop. But, when I first re-open the admin page using the default gateway IP address and authenticating I receive the message "You are currently logged in from another device. There can be only one device logged in at a time. If you log in from this device, the other device will be logged out. Do you want to proceed?", as I was in the same, or original browser session when the firmware update was applied I clicked "yes" to proceed, after which the connection fails to open the adminstration page. I tried different browsers (Chrome, IE), still no access.
I powered down the router, restarted, entered gateway IP address to connect to admin page, authenticated as requested and the same warning message appears ... "You are currently logged in from another device. There can be only one device logged in at a time. If you log in from this device, the other device will be logged out. Do you want to proceed?" But, this time, choose "No" and the response page displayed a conflicting dynamic IP address, which is different from the dynmamic IP address assigned to the laptop. which I applied the firmware upgrade from. On a whim, I turned off my WIFI connection on my cell phone. I tried to ping the new, conflicting IP address assigned and the request timed out. I then tried to connect to the administration page using the default gateway IP address, SUCCESS.
Bottom line, check what other device may be connected, which I was able to determine by choosing "No" to the Do you want to proceed?
Aaron407
Nov 03, 2017Tutor
I fought with this same issue today after recently updating the firmware. It would let me enter the login credentials, then tell me that another device was already logged in. If I clicked on "yes" to kick the other device off, it would refuse the connection. Power cycling it didn't help and the problem continued, but I did eventually get it working.
After power cycling and entering the login credentials, I clicked on "no" when prompted to log out the other device, which then showed me the IP address that was apparently logged into it. I went to that device and was able to successfully log in, then log out. After that, I could successfully log in on the computer that I was originally attempting to use. It seems like it locks onto the last login device if you don't properly log out, and even a power cycle won't help. Since you can't force the log out as it states, it's certainly an issue with the firmware update, but fully logging out seems to work now. Hopefully it'll work for you as well.
- colemickensNov 08, 2017Initiate
This is unacceptable. I'm not logged in from any other device. Netgear shipped an update that causes their own Web UI to crash? What does that say about the security of this product? This is simply unacceptable. My router is now useless because I can't edit my firewall settings at all.
- ElaineMNov 08, 2017NETGEAR Employee Retired
- colemickensNov 08, 2017Initiate
I'm experiencing the exact symptoms in this thread.
So yes, I've already rebooted/reset the router. It's the only way to get the Web UI to come back up after it crashes.
Clearing browser history doesn't do anything. This is an issue with the router, where it stupidly tries to track the "managing client" by IP address.
Well guess what, after it applied the update, it lost the DHCP client cache, re-issued a new IP address to my laptop... and now I can't "logout" from there. And the "force logout" function is *exactly what is crashing the Web UI in the router*.
Like I said, unacceptable and amateurish, making me question the fundamental security of this product.