- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
N900 (WNDR4500v2) Web Administration not accessible
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
Overnight, the router's Web administration server became inaccessible: the port 80 was closed, but everything else was still functioning properly (Wi-Fi, local connectivity and Internet, etc.). I had to change the configuration of the router so I tried a simple factory reset: the configuration of the router had been successfully reset, but I still do not have access to the administration Web interface. The router is now unusable since I cannot modify the configuration, and I can only use the router with the default configuration.
I tried several techniques without success: factory reset, hard reset (30/30/30), TFTP (on Windows and Linux), connection by all LAN ports or by Wi-Fi, Netgear Genie, etc.
Here is a nmap scan with all opened ports on the router:
Host is up (0.0028s latency). Scanned at 2017-07-20 04:57:22 CEST for 6778s Not shown: 65527 closed ports PORT STATE SERVICE VERSION 53/tcp open domain dnsmasq 2.15-OpenDNS-1 548/tcp open afp Netatalk 2.2.5 (name: WNDR4500v2; protocol 3.3) 1990/tcp open tcpwrapped 5000/tcp open tcpwrapped 5916/tcp open unknown 8200/tcp open tcpwrapped 20005/tcp open btx? NetUSB 33344/tcp open tcpwrapped NetUSB MAC Address: C4:04:15:11:xx:xx (Netgear,) Service Info: OS: Unix
curl http://192.168.1.1 curl: (7) Failed to connect to 192.168.1.1 port 80: Connection refused
Port 80 of the Web administration interface is not open.
I saw another person with the same problem but there is no solution:
http://www.tomshardware.co.uk/answers/id-2988795/netgear-wndr4500v2-wireless-router-issues.html
What can I do? Is the bug known? Thank you.
EDIT: OK, just found this thead:
I will try this if no one has a better idea here 🙂
Solved! Go to Solution.
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks to @AndyOxon I succeeded to unbrick my router!
I bought this cable (2.46€): niceeshop(TM) PL2303HX USB TTL Pour UART COM RS232 Câble Module Convertisseur (Noir, 1m)
https://www.amazon.fr/gp/product/B00F167PWE/ref=oh_aui_detailpage_o01_s00?ie=UTF8&psc=1
And I connect it to the router like here, switching TXD and RXD:
https://www.myopenrouter.com/article/how-set-serial-console-netgear-wndr4500v2
1- nothing
2- TXD, green cable
3- nothing
4- nothing
5- RXD, white cable
6- GND, black cable
I connected my laptop with the router on Ethernet port LAN1, and on USB with the PL2303HX cable.
Then, on my laptop, using Linux and picocom:
picocom -s 115200 /dev/ttyUSB0
I started by doing a normal boot and waited for a shell. Then, I kept CTRL + C on the picocom prompt and rebooted (physically) the router. A CFE prompt has appeared. I executed the following command:
CFE> nvram erase *** command status = 0
In another shell on my laptop, I connected in TFTP on the router:
tftp> connect 192.168.1.1 tftp> mode binary tftp> timeout 90 tftp> put WNDR4500v2-V1.0.0.62_1.0.39.chk
Do not hit enter after the "put" command!
Back to the CFE shell in picocom:
CFE> flash -noheader : flash1.trx
Press Enter and very quickly switch to the shell with TFTP and also press Enter to validate the "put" command.
CFE> flash -noheader : flash1.trx Reading :: Done. 12804154 bytes read Programming...done. 12804154 bytes written *** command status = 0 CFE> reboot Decompressing...done
and then... it does not work for me... yet.
This boot ends with:
Checking crc...Invalid boot block on disk [...] Start TFTP server Reading ::
Go back to the TFTP shell and execute the "put" command again. Into the picocom shell:
Reading :: Done. 12804154 bytes read Programming...done. 12804154 bytes written Decompressing...done [...]
And now it's all good! The router is fully functional using firmware 1.0.0.62_1.0.39 (and telnet backdoor is still here...).
All Replies
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: N900 (WNDR4500v2) Web Administration not accessible
Welcome to the community, @Christophe56
Looks like you have done most of the troubleshooting and at this point it can already be considered faulty.
If this is still in warranty then you may want to contact support and get it replaced.
How do I request a Return Material Authorization (RMA)?
When you contact support have them record all the troubleshooting steps you have done for them to determine that it's already for an RMA.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: N900 (WNDR4500v2) Web Administration not accessible
Thank you @ElaineM. Unfortunately, the router is no longer under warranty.
I ordered a USB to RS232 cable, but in the meantime I managed to get a shell on the router.
Using the netgear backdoor described here, with the Python (UDP version) script:
https://wiki.openwrt.org/toh/netgear/telnet.console
https://github.com/insanid/netgear-telenetenable
./telnetenable.py 192.168.1.1 <routermacaddr> admin password Sent telnet enable payload to '192.168.1.1:23' root@eeepc:/# telnet 192.168.1.1 Trying 192.168.1.1... Connected to 192.168.1.1. Escape character is '^]'. BusyBox v1.7.2 (2015-06-04 17:07:24 CST) built-in shell (ash) Enter 'help' for a list of built-in commands. #
However, I can not launch the http server manually. Here are the error messages:
# httpd -E /usr/sbin/ca.pem /usr/sbin/httpsd.pem Can't find handler for ASP command: eco_get_redirect_link(); Can't find handler for ASP command: cdl_cgi_set_hijack(0); Can't find handler for ASP command: cdl_cgi_set_hijack(1); Info: No FWPT default policies. rmmod: l7_filter insmod: cannot insert '/lib/modules/2.6.22/kernel/lib/MultiSsidCntl.ko': Success (17) ioctl(BRCTL_SET_BCMCTF_ENABLE): Operation not supported ioctl(BRCTL_SET_BCMCTF_ENABLE): Operation not supported rmmod: /lib/modules/2.6.22/kernel/lib/AccessCntl.ko [AFP]: 0 partitions found. [AFP]: disk mountd:0 hfsplus mounted:0 [AFP]: no disk mounted. killall: bftpd: no process killed httpd: socket bound in 0.0.0.0:80. httpd: socket bound in 0.0.0.0:443. httpd_sig_usr:6060 buf: handle_genie: don't know how to process url
and httpd kills itself.
I think the interesting error is "httpd_sig_usr:6060" (httpd received a bad signal?)
If I put an HTTP request into /tmp/tmp_http_request.txt I can remove the handle_genie error and get a new one:
# echo "GET shares HTTP/1.0" > /tmp/tmp_http_request.txt # echo "Host: routerlogin.net" >> /tmp/tmp_http_request.txt # httpd -E /usr/sbin/ca.pem /usr/sbin/httpsd.pem Can't find handler for ASP command: eco_get_redirect_link(); Can't find handler for ASP command: cdl_cgi_set_hijack(0); Can't find handler for ASP command: cdl_cgi_set_hijack(1); Info: No FWPT default policies. rmmod: l7_filter insmod: cannot insert '/lib/modules/2.6.22/kernel/lib/MultiSsidCntl.ko': Success (17) ioctl(BRCTL_SET_BCMCTF_ENABLE): Operation not supported ioctl(BRCTL_SET_BCMCTF_ENABLE): Operation not supported rmmod: /lib/modules/2.6.22/kernel/lib/AccessCntl.ko [AFP]: 0 partitions found. [AFP]: disk mountd:0 hfsplus mounted:0 [AFP]: no disk mounted. killall: bftpd: no process killed httpd: socket bound in 0.0.0.0:80. httpd: socket bound in 0.0.0.0:443. httpd_sig_usr:6060 buf:GET shares HTTP/1.0 Host: routerlogin.net SendData3Client:763 error sending data.
But httpd is still killed...
erase nvram and reboot does not resolve the problem too.
- Does this problem talk to anyone?
- Can I flash the firmware from this console? Currently the firmware on the router is 1.0.0.60/1.0.38 and I would like to update it to 1.0.0.62/1.0.39, hoping that the update fix the problem. I am able to upload WNDR4500v2-V1.0.0.62_1.0.39.chk to the the router using wget but I don't know how to tell the router that it should apply it.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks to @AndyOxon I succeeded to unbrick my router!
I bought this cable (2.46€): niceeshop(TM) PL2303HX USB TTL Pour UART COM RS232 Câble Module Convertisseur (Noir, 1m)
https://www.amazon.fr/gp/product/B00F167PWE/ref=oh_aui_detailpage_o01_s00?ie=UTF8&psc=1
And I connect it to the router like here, switching TXD and RXD:
https://www.myopenrouter.com/article/how-set-serial-console-netgear-wndr4500v2
1- nothing
2- TXD, green cable
3- nothing
4- nothing
5- RXD, white cable
6- GND, black cable
I connected my laptop with the router on Ethernet port LAN1, and on USB with the PL2303HX cable.
Then, on my laptop, using Linux and picocom:
picocom -s 115200 /dev/ttyUSB0
I started by doing a normal boot and waited for a shell. Then, I kept CTRL + C on the picocom prompt and rebooted (physically) the router. A CFE prompt has appeared. I executed the following command:
CFE> nvram erase *** command status = 0
In another shell on my laptop, I connected in TFTP on the router:
tftp> connect 192.168.1.1 tftp> mode binary tftp> timeout 90 tftp> put WNDR4500v2-V1.0.0.62_1.0.39.chk
Do not hit enter after the "put" command!
Back to the CFE shell in picocom:
CFE> flash -noheader : flash1.trx
Press Enter and very quickly switch to the shell with TFTP and also press Enter to validate the "put" command.
CFE> flash -noheader : flash1.trx Reading :: Done. 12804154 bytes read Programming...done. 12804154 bytes written *** command status = 0 CFE> reboot Decompressing...done
and then... it does not work for me... yet.
This boot ends with:
Checking crc...Invalid boot block on disk [...] Start TFTP server Reading ::
Go back to the TFTP shell and execute the "put" command again. Into the picocom shell:
Reading :: Done. 12804154 bytes read Programming...done. 12804154 bytes written Decompressing...done [...]
And now it's all good! The router is fully functional using firmware 1.0.0.62_1.0.39 (and telnet backdoor is still here...).
• Introducing NETGEAR WiFi 7 Orbi 770 Series and Nighthawk RS300
• What is the difference between WiFi 6 and WiFi 7?
• Yes! WiFi 7 is backwards compatible with other Wifi devices? Learn more