- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Re: Has my Router been hacked??
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Has my Router been hacked??
Hello!
Lately, I have noticed some very strange behavior from my router. Keeping in mind that I am not a compete noob - I have a general understanding of how TCP/IP and the 7 layer OSI model are supposed to work - I would like to know if its possible to flash the original firmware back onto the router - so that I can start-over, fresh. I am fairly confident that my router has been hacked and its original firmware/software modified. The reason I believe this is because every time I attempt to "reset to factory default" as described in your documentation - the routers original default login never resets to the original "admin" and "password" AND the password recovery tool fails to do its job. Another indicator that the router is hacked can be seen in the following log snippet which shows todays date for the 1st log entery then the date drops back to November 11, 2020, for the next two log entries then jumps the date jumps back to today for the remainder of the log. Pretty sure that is NOT how the log is supposed to work.......
I have a Nighthawk R7450
its running firware V1.2.0.76_1.0.1
My desktop runs MX-Linux 19 and Windows 10, and it is connected via ethernet cable to the router which was purchsed in the summer of 2019.
Any help is appreciated......
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Has my Router been hacked??
Will try to help..
I have not known with the NetGear routers that I have own to go backwards on an update.
Have not heard of reflashing one.
But if you want to give updating to Version 1 of your firmware a try here goes.
This is how to do a manual update
1st. If you can still get on line go the your network login to your NetGear account in support and look at your model number's
firmware revision versions you might also try these links..
https://www.netgear.com/support/download/
then put in your router's model number
or use
https://www.netgear.com/support/download/?model=R7450
Important steps
Download the 1st version update
Download the current version update
Reason, some routers 1st version update may not allow your router to reconnect to your isp.
And you may have to upgrade to a higher version to reestablish reconnecting to your isp's modem.
Looks like the 1st version for you rounter was 1.2.0.32
Versions to consider.. 1.2.0.74 & 1.2.0.76
At any rate you want get back to the most current version.
Example
Select Firmware Verion R7450-V1.2.0.32_1.0.1 this should download a ziip file.
R7450-V1.2.0.32_1.0.1.zip
Move the zip In to a folder of your choice
Then upzip/extract the file, the contents of the .zip file
2 files will be unzipped
R7450-V1.2.0.32_1.0.1.img
R7450-V1.2.0.32_1.0.1_Release_Notes.html
Do the same for the other two version of firmware updates
Note: upgrade to at least 1.2.0.74 or the version where everything was working and then work you way up.
2nd. Then do a factory reset on your router.
This will let you see if your router will return to it's original out of the box setting with the most current firmware.
If you have not done so...
Take the router completely off your network including disconnecting from your isp
( Unplugging the yellow port) then only connecting a ethernet cable from your router to your PC.
This will allow only the PC to talk to the router unless you have allow other device to connect to the router in it out of the box state.
Good Idea You may want to scan your PC for infections.
Do not plug the pc ethernet cable into the router's yellow wan port use any Lan port 1-4.
Open a browser on your pc and connect to 192.168.1.1
Then see if you can login with the factory default admin and password..
If this works you know you can at least get into your router with the original credentials.
Your version should be the most current one.
3rd. If you still want to install version 1.
After successful router login go to...
ADVANCE | Administration | Router Update
Once you reach this browser page do not click on Check for new update.
Use the browse function instead and locate the folder where you dowloaded the
Version 1 extracted file R7450-V1.2.0.32_1.0.1.img and select this file.
Then select Upload
wait for the Update to complete.
Factory Reset you Rounter
You may want to check the version to see if it downgraded reverted back to the 1st version.
If you can get back into you router repeate the steps and update to at lest the .74 version.
Note: A suggestion If all goes well I would not restore every device on your network I would turn off the wireless
2.4 and 5G and only connect with the pc ethernet for testing. A way to make sure one of your other devices are not inroducing the
hack.. Clean your pc so that you know you have a clean device.
-On your router do not enable remote access a sure way hackers can get in.
-Create and new modem admin and password
-Do not use admin as the the modem admin user login. Create a new admin password
-Create a new login password for all your devices
- Pain staking process however try turning off all devices adding each device back one at a time to see if they are door for the breach.
Turn your 2.4 and 5G back on one at a time testing as your go.
Make sure all of your devices have cureent software patching.
I know these are a lot of steps... But it's what we do.
RSlack
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Has my Router been hacked??
PS
You may want change your SSID Name.
RSlack
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Has my Router been hacked??
PS
Found this link also
And it may be close to what you are looking for to flash your router's firmware.
https://kb.netgear.com/000059633/How-to-upload-firmware-to-a-NETGEAR-router-using-TFTP-client
RSlack
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Has my Router been hacked??
@slackrl wrote:PS
Found this link also
And it may be close to what you are looking for to flash your router's firmware.
https://kb.netgear.com/000059633/How-to-upload-firmware-to-a-NETGEAR-router-using-TFTP-client
RSlack
Tried this one myslef and could not get it to work
I have a NetGear WNDR4500v2 AC Rounter that will not grant access to the WEB site built into the router.
Downloadded Tftp64
After following the instructions:
-Never cam get the up-load to start “0 block retransmitted"
-The Server interface will at times drop the 162.168.1.10 or what ever ip address I set the
NIC Card, address and revert back to 127.0.0.1 Software Loopback Interface 1.
-Per instruction I do not see my router flash an amber power light after repowering.
-Per insturction with just waiting for the router to boot all the way...sitll no upload
This cound be a router problem not accepting a communication.
-Tried disabling windows firewall on PC still wont work.
Wanted to test this out to restore an older router and for this post.
Anyone with Tftp experience fell free to chine in.
RSlack
• What is the difference between WiFi 6 and WiFi 7?
• Yes! WiFi 7 is backwards compatible with other Wifi devices? Learn more