
RAX48 hacked?

kafkaesque
Initiate

RAX48 hacked?

So I purchased this router from Best Buy Canada last week.  Installed it Wednesday night.  Checked for firmware updates through the GUI and there weren't any.  Thursday it locked up, had to reboot it.  Friday it locked up, had to reboot it.  Saturday it locked up so bad I had to do a complete reset and reprogram of it.  Called tech, discovered there was a firmware update (router said there wasn't) so I manually pushed it.  All good until today.  This morning I guess it got hacked because the SSID changed to something called Bernie_RAX50 (remember, I have an RAX48).  I'm at work so my kids are trying to do schooling from home with no internet for the third time in six days.  

 

So.....anyone else have issues today?  Not sure if they accessed through Netgear, or the Nighthawk app, or just got dumb lucky and tripped over it.  Or if someone actually honestly thought they were programming their router online and somehow got mine which is a very scary thought.

 

I have never had such issues with a router in my life, especially one I spent almost $300 on.  Thoughts from the community..?  Is this just a bad unit?  I have read both good and bad reviews on it and right now I would be hard pressed to give it one star out of five.  I'm debating just shipping it back and ordering an Asus instead.  I have wasted far too much time and with two kids trying to graduate high school this year I can't have them stuck like this every single day.

Message 1 of 23
Christian_R
NETGEAR Employee Retired

Re: RAX48 hacked?

Hi kafkaesque,

 

If you recently purchased the device I would recommend contacting our support team as newly purchased devices are provided with 90 days of complimentary support. You may open a ticket by registering your device using the link below. 

 

https://www.netgear.com/support/contact.aspx

 

Christian 

Message 2 of 23
kafkaesque
Initiate

Re: RAX48 hacked?

I did contact support and got the 'here is how to reset your router' reply which I had already done long before that. That's not my point. I'm trying to figure out if this is a bad unit or a bad router in general and more importantly how someone got into my router in the first place.
Message 3 of 23
pkgadd
Apprentice

Re: RAX48 hacked?

Not being offered a firmware upgrade on the webinterface/ mobile app immediately, although you can find it for manual downloading/ installing, wouldn't worry me too much, as the world-wide deployment seems to happen slightly gradually. Obviously that shouldn't leave you more than one firmware version behind - and that only for a limited amount of time, until the automatic deployment reaches your device.

 

(Disclaimer: I don't know that exact device, nor which initial firmware version it ships with, which would be the basis to know if you should get offered an upgrade immediately (because the current version has been around for longer) or if it might just be a matter of time).

 

While any technical device poses the risk of being hacked due to security issues, I wouldn't quite expect that to happen this quickly, nor visibly - after all 'professional' attackers are more interested in remaining under the radar (adding your network to their botnet, injecting ads, seeking weaknesses in your LAN and potentially staging an extortion attack, etc. pp.), rather than forcing you off the network and thereby making you notice immediately (and sort out the issue/ pushing them out again). Although it's very hard to guess, based on the provided information, it's imho more likely that you've fallen prey to accidental misconfiguration (think auto-correct messing up SSID/ PSK or one of your family members having made a mistake). The alternative would be that somehow your configuration was left open wide enough to allow rather unskilled script-kiddies to get access (things like PSK/ admin password way too weak, wireless encryption intentionally disabled, remote configuration with way too weak passwords). In general the default configuration wouldn't really pose that risk (although you should definitely pick a custom ESSID and add better/ strong passwords/ PSKs). If you suspect foul play, doing a full factory reset would also be strongly advised.

Message 4 of 23
espf
Tutor

Re: RAX48 hacked?

I also had a similar problem yesterday (model RAX50), with the SSID changed to "Bernie_RAX50_2G" (or 5G) (exactly the same name as encountered by the owner of this thread).

 

I think it is not a standalone case. How have you resolved such an issue? 

Model: RAX40|Nighthawk AX4 4-Stream WiFi Router
Message 5 of 23
Christian_R
NETGEAR Employee Retired

Re: RAX48 hacked?

Hello espf,

 

Would you mind providing the current firmware version you have installed on the router? Also, have you had a moment to get in contact with our support team? 


Regards,

Christian 

Message 6 of 23
espf
Tutor

Re: RAX48 hacked?

Have already contacted the online support and got some initial standard answers for troubleshooting.

Anyway, I have reset the router to its factory settings and reinstalled it, and now it is in order. When I log in to www.routerlogin.net, I am informed no firmware upgrade is necessary.


However, I still don't know why my SSID could be suddenly changed to "Bernie_RAX50_2G" (or 5G) - without truly knowing the reasons behind (especially this is not a standalone case), it could happen again in future without notice.

I bought this RAX50 on 14 Feb 2021 and I have only used it for 10 days, and I notice the latest version firmware is dated 27 January 2021 and therefore the firmware should not be the issue.

Model: RAX40|Nighthawk AX4 4-Stream WiFi Router
Message 7 of 23
espf
Tutor

Re: RAX48 hacked?

The same issue happened again after 3 days. I feel very disappointed in this router as the root cause of the problem has still not been found.
Message 8 of 23
Christian_R
NETGEAR Employee Retired

Re: RAX48 hacked?

Hello espf,

 

I would recommend contacting our support team again if your case is still open. If not, please send me a private message with your case number and email address.

 

Christian 

Message 9 of 23
hecdar22
Aspirant

Re: RAX48 hacked?

Hello,

 

Just had the same issue this morning. My router is a Nighthawk AX6 AX5400 Model: RAX50 running V1.0.2.82_2.0.50.

I've had this router since May 19, 2020 and never had an issue. Only recent change is that I switched from Xfinity to ATT fiber 4 days ago.

 

 

Message 10 of 23
sugaree77
Aspirant

Re: RAX48 hacked?

Just happened to me this morning - RAX50-5400-AX6, firmware updated to V1.0.2.82_2.0.50 this past weekend.

Message 11 of 23
ieh-dk
Initiate

Re: RAX48 hacked?

Same happened to me today: RAX50-5400-AX6, firmware version V1.0.2.82_2.0.50.
At the moment I have no trust in this product and feel very insecure about my network security.

Message 12 of 23
pkgadd
Apprentice

Re: RAX48 hacked?

It's fairly obvious that these devices aren't 'hacked', the "Bernie_RAX50" SSID is actually part of the official hardware - apparently some kind of fallback, triggered by 'something' (sorry, I don't have any of those devices). Obviously this shouldn't happen and is grounds for (functional, apparently not security based) concerns to settle with support.

Message 13 of 23
saucey92
Aspirant

Re: RAX48 hacked?

This happened to me on 7/20/2021. Network SSID was suddenly changed to "Bernie" for the 2.4 GHz and 5.0 GHz bands. The firmware version running is "V1.0.2.82_2.0.50". A full factory reset got the device up and running again. The RAX50 router is connected to a Starlink modem.

Does NetGear have a fix for this?

Message 14 of 23
A5W4eXCNhzArsec
Aspirant

Re: RAX48 hacked?

I had a similar issue when the encryption is wpa3. After changing it to wpa2 the issue is gone.
Message 15 of 23
betterzack
Aspirant

Re: RAX48 hacked?

I'm having the same problem. Same change to the wifi network name; "Bernie_RAX50_2GN" and "Bernie_RAX50_5GNN". I paid for the GearHead support and they haven't been able to help me either. It seems like it's not a hacker since it is the same issue you described. However could be something targeting netgear routers specifically, I have no idea. I'd appreciate some real help, as the support seems to know less about it than I do.

Message 16 of 23
DarrenM
Sr. NETGEAR Moderator

Re: RAX48 hacked?

I have sent this issue over to engineering. It looks like this is a default WiFi name the engineers used, so I don't believe your routers are getting hacked; they are just reverting to a saved name in the router.

 

DarrenM

Message 17 of 23
JJ05
Aspirant

Re: RAX48 hacked?

I have had the same issue multiple times now. Both the 2g and 5g wifi signals will "magically" turn into Bernie_Rax45 2g and 5g.

I have to hard reset and reprogram every time it does this.

Is there a fix for this? I have only had this router for about 45 days now.

Thanks

Message 18 of 23
Razor512
Prodigy

Re: RAX48 hacked?

For that router, if possible head to the router IP /debug.htm and click "Start Capture" then after around 2-3 minutes, click on "Save Debug Log".

 

It will be in the form of a .zip file.

 

Extract the zip file to a new folder

 

Look for a text file named something like Console-log1.txt

 

After that, open the file and scroll past the ping test section, and then look at some of those default config settings, especially the SSID info in the router info section.

 

 

PS, avoid sharing debug logs in a public setting as they contain all NVRAM values, which includes WiFi passwords, DDNS settings, and any other settings that were changed.

 

 

Message 19 of 23
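The check described in the post above can be scripted. This is an added example, not part of the original thread and not NETGEAR code: it reads a saved debug .zip, lists SSID-related settings from the console log, flags values starting with the "Bernie" name reported in this thread, and redacts secret-looking values before the log is shared. The `key=value` layout and all key names in the sample are assumptions, and the sample log is constructed.

```python
import io
import re
import zipfile

# Assumption: NVRAM settings appear in the console log as key=value lines.
KV = re.compile(r"^\s*([A-Za-z0-9_.]+)=(.*)$")
SECRET_KEY = re.compile(r"(psk|pass|pwd|key|secret|pin)", re.I)
SSID_KEY = re.compile(r"ssid", re.I)
FALLBACK_SSID = re.compile(r"^Bernie", re.I)  # name reported in this thread


def review_debug_zip(zip_bytes):
    """Return (ssid_settings, fallback_hits, redacted_text) for a debug .zip."""
    ssids, hits, redacted = {}, [], []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = [n for n in zf.namelist()
                 if re.search(r"console-log\d*\.txt$", n, re.I)]
        for name in names:
            text = zf.read(name).decode("utf-8", errors="replace")
            for line in text.splitlines():
                m = KV.match(line)
                if not m:
                    redacted.append(line)  # not a setting, keep as-is
                    continue
                key, value = m.group(1), m.group(2).strip()
                if SSID_KEY.search(key):
                    ssids[key] = value
                    if FALLBACK_SSID.match(value):
                        hits.append(key)
                if SECRET_KEY.search(key) and value:
                    value = "<redacted>"  # never share passwords or PSKs
                redacted.append(f"{key}={value}")
    return ssids, hits, "\n".join(redacted)


def build_sample_zip():
    """Constructed sample, not a real router log; key names are hypothetical."""
    log = "\n".join([
        "PING 192.0.2.1: 56 data bytes",
        "wl0_ssid=HomeNet",
        "wl0_wpa_psk=correct horse battery",
        "default_2g_ssid=Bernie_RAX50_2G",
        "http_passwd=hunter2",
    ])
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("debug/Console-log1.txt", log)
    return buf.getvalue()


if __name__ == "__main__":
    print(*review_debug_zip(build_sample_zip()), sep="\n")
```

The redacted text still contains the SSIDs themselves, so review it before posting if the network name is sensitive.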
sugaree77
Aspirant

Re: RAX48 hacked?

Has anybody tried the software update? My RAX50 just did this again, right now I'm using the Bernie SSID since I need my internet up right now and I can't take a chance on screwing things up by installing new firmware or re-installing the old firmware.

 

Also, does a firmware install completely wipe all the router settings? I am piggybacking the RAX50 on a AT&T BGW210 and I would hate to have to do that installation again.

Message 20 of 23
FURRYe38
Guru

Re: RAX48 hacked?

No, doesn't wipe settings. Though it's recommended to turn OFF the router for 1 minute after a FW update and then back ON. Usually no problems are seen. If problems are seen after a FW update, a factory reset and setup from scratch may be needed as a troubleshooting step.

Message 21 of 23
sugaree77
Aspirant

Re: RAX48 hacked?

Installed the new firmware and rebooted. Still have the Bernie SSIDs.

Message 22 of 23
DarrenM
Sr. NETGEAR Moderator

Re: RAX48 hacked?

If you are experiencing issues with your router's SSID changing to Bernie, please PM me. I have a trial firmware that has a fix for this issue.

 

Thanks

Darren

Message 23 of 23