
Re: Has my Router been hacked??

Deenkee-Du
Follower

Has my Router been hacked??

Hello!

Lately, I have noticed some very strange behavior from my router. Keeping in mind that I am not a complete noob - I have a general understanding of how TCP/IP and the 7 layer OSI model are supposed to work - I would like to know if it's possible to flash the original firmware back onto the router, so that I can start over, fresh. I am fairly confident that my router has been hacked and its original firmware/software modified. The reason I believe this is because every time I attempt to "reset to factory default" as described in your documentation, the router's original default login never resets to the original "admin" and "password" AND the password recovery tool fails to do its job. Another indicator that the router is hacked can be seen in the following log snippet, which shows today's date for the 1st log entry, then the date drops back to November 11, 2020, for the next two log entries, then the date jumps back to today for the remainder of the log. Pretty sure that is NOT how the log is supposed to work.......

 

I have a Nighthawk R7450

It's running firmware V1.2.0.76_1.0.1

My desktop runs MX-Linux 19 and Windows 10, and it is connected via ethernet cable to the router, which was purchased in the summer of 2019.

 

Any help is appreciated......

Model: R7450|Nighthawk AC2600 Smart WiFi Router
Message 1 of 5
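
The symptom described in the first post (log entries that drop back to November 11, 2020 and then return to the current date) can be checked mechanically. The following is an added example, not part of the thread: the log line layout and the sample entries are constructed assumptions, and the check only reports where the clock jumps, not why.

```python
import re
from datetime import datetime, timedelta

# Assumed line layout (not taken from the thread):
#   "[event] detail, Weekday, Mon DD,YYYY HH:MM:SS"
TS_RE = re.compile(r"([A-Za-z]{3}) (\d{1,2}),\s?(\d{4}) (\d{2}:\d{2}:\d{2})\s*$")

# Constructed sample reproducing the pattern the poster describes:
# one current entry, two entries dated Nov 11 2020, then current again.
SAMPLE_LOG = """\
[admin login] from source 192.168.1.2, Tuesday, Mar 02,2021 19:22:03
[DHCP IP: 192.168.1.2] to MAC address 00:11:22:33:44:55, Wednesday, Nov 11,2020 00:00:52
[Internet connected] IP address: 203.0.113.7, Wednesday, Nov 11,2020 00:00:41
[DHCP IP: 192.168.1.3] to MAC address 00:11:22:33:44:66, Tuesday, Mar 02,2021 19:20:10
this line has no timestamp and is skipped
[admin login] from source 192.168.1.2, Tuesday, Mar 02,2021 19:18:45
"""

def parse_ts(line):
    """Return the trailing timestamp of a log line, or None if absent."""
    m = TS_RE.search(line)
    if not m:
        return None
    mon, day, year, clock = m.groups()
    try:
        return datetime.strptime(f"{mon} {day} {year} {clock}", "%b %d %Y %H:%M:%S")
    except ValueError:  # e.g. an invalid month abbreviation
        return None

def find_time_jumps(text, max_gap=timedelta(days=1)):
    """List (line_no, direction, previous_ts, ts) for every pair of
    consecutive timestamped entries further apart than max_gap."""
    jumps, prev = [], None
    for line_no, line in enumerate(text.splitlines(), 1):
        ts = parse_ts(line)
        if ts is None:
            continue
        if prev is not None and abs(ts - prev) > max_gap:
            direction = "backward" if ts < prev else "forward"
            jumps.append((line_no, direction, prev, ts))
        prev = ts
    return jumps

if __name__ == "__main__":
    for line_no, direction, prev, ts in find_time_jumps(SAMPLE_LOG):
        print(f"line {line_no}: clock jumps {direction} from {prev} to {ts}")
```
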
slackrl
Luminary

Re: Has my Router been hacked??

Will try to help..

 

I have not known, with the NetGear routers that I have owned, to go backwards on an update.

Have not heard of reflashing one.

 

But if you want to give updating to Version 1 of your firmware a try, here goes.

 

This is how to do a manual update

 

1st. If you can still get online, go to your network, log in to your NetGear account in support and look at your model number's firmware revision versions. You might also try these links..

 

https://www.netgear.com/support/download/

then put in your router's model number

or use

https://www.netgear.com/support/download/?model=R7450

 

Important steps

Download the 1st version update

Download the current version update

Reason: some routers' 1st version update may not allow your router to reconnect to your isp.

And you may have to upgrade to a higher version to reestablish reconnecting to your isp's modem.

 

Looks like the 1st version for your router was 1.2.0.32

Versions to consider.. 1.2.0.74 1.2.0.76

At any rate you want to get back to the most current version.

 

Example

Select Firmware Version R7450-V1.2.0.32_1.0.1; this should download a zip file.

R7450-V1.2.0.32_1.0.1.zip

Move the zip into a folder of your choice

Then unzip/extract the file, the contents of the .zip file

2 files will be unzipped

R7450-V1.2.0.32_1.0.1.img

R7450-V1.2.0.32_1.0.1_Release_Notes.html

 

Do the same for the other two versions of firmware updates

Note: upgrade to at least 1.2.0.74 or the version where everything was working and then work your way up.

 

2nd. Then do a factory reset on your router.

 

This will let you see if your router will return to its original out of the box setting with the most current firmware.

 

If you have not done so...

Take the router completely off your network including disconnecting from your isp

(Unplugging the yellow port) then only connecting an ethernet cable from your router to your PC.

This will allow only the PC to talk to the router, unless you have allowed other devices to connect to the router in its out of the box state.

 

Good idea: you may want to scan your PC for infections.

Do not plug the pc ethernet cable into the router's yellow wan port; use any Lan port 1-4.

 

Open a browser on your pc and connect to 192.168.1.1

Then see if you can login with the factory default admin and password..

If this works you know you can at least get into  your router with the original credentials.

Your version  should be the most current one.

 

3rd. If you still want to install version 1.

 

After successful router login go to...

ADVANCED | Administration | Router Update

Once you reach this browser page do not click on Check for new update.

Use the browse function instead and locate the folder where you downloaded the Version 1 extracted file R7450-V1.2.0.32_1.0.1.img and select this file.

Then select Upload

Wait for the update to complete.

Factory reset your router.

You may want to check the version to see if it downgraded/reverted back to the 1st version.

If you can get back into your router, repeat the steps and update to at least the .74 version.

 

Note: A suggestion. If all goes well I would not restore every device on your network. I would turn off the wireless 2.4 and 5G and only connect with the pc ethernet for testing. A way to make sure one of your other devices is not introducing the hack.. Clean your pc so that you know you have a clean device.

-On your router do not enable remote access, a sure way hackers can get in.

-Create a new modem admin and password

-Do not use admin as the modem admin user login. Create a new admin password

-Create a new login password for all your devices

-Painstaking process, however try turning off all devices, adding each device back one at a time to see if they are the door for the breach.

Turn your 2.4 and 5G back on one at a time, testing as you go.

Make sure all of your devices have current software patching.

 

I know these are a lot of steps... But it's what we do.

 

RSlack

Message 2 of 5
slackrl
Luminary

Re: Has my Router been hacked??

PS

You may want to change your SSID Name.

RSlack

 

Message 3 of 5
slackrl
Luminary

Re: Has my Router been hacked??

PS 

Found this link also

And it may be close to what you are looking for to flash your router's firmware.

 

https://kb.netgear.com/000059633/How-to-upload-firmware-to-a-NETGEAR-router-using-TFTP-client

 

RSlack

Message 4 of 5
slackrl
Luminary

Re: Has my Router been hacked??


@slackrl wrote:

PS 

Found this link also

And it may be close to what you are looking for to flash your router's firmware.

 

https://kb.netgear.com/000059633/How-to-upload-firmware-to-a-NETGEAR-router-using-TFTP-client

 

RSlack


Tried this one myself and could not get it to work

I have a NetGear WNDR4500v2 AC Router that will not grant access to the WEB site built into the router.

Downloaded Tftp64

After following the instructions:

-Never can get the upload to start "0 block retransmitted"

-The Server interface will at times drop the 162.168.1.10 or whatever ip address I set the NIC Card address to, and revert back to 127.0.0.1 Software Loopback Interface 1.

-Per instruction I do not see my router flash an amber power light after repowering.

-Per instruction with just waiting for the router to boot all the way...still no upload

 This could be a router problem not accepting a communication.

-Tried disabling windows firewall on PC, still won't work.

Wanted to test this out to restore an older router and for this post.

Anyone with Tftp experience feel free to chime in.

 

RSlack

 

 

Message 5 of 5