Router Required Factory Reset after 2 years of no issues

[DaveLembke]

Curious if my router could have been targeted.

I have a Linksys Smart WIFI AC1200 Router which I set up changing the default password and wifi was locked down with security. No problems with it for 2 years now. Its survived power outages and some resets that we have done to it when the broadband modem was acting up and everything brought back online in order of modem first then router.

My daughter told me last night that the internet wasnt working. So I went and shut it all down brought modem online and then router online and still no internet. Tried again and still no internet. Tried to remote into router and it was as if the router was completely offline yet it had its normal LEDS lit on it.

It wasnt until I held the red factory reset button in and set it back to factory that i was able to get it all working again, and set up the tight security of it.

What bothers me is that it didnt come back to life working as it should have after a reboot of it and it wasnt until factory reset that it started behaving again.

So I was wondering if anyone knows of a place to go online to see what routers have what vulnerabilities as for maybe this one was targeted and bricked by a hacker somehow as for a power reset should have gotten it back up and running vs having to reset it back to factory?

I checked the firmware of it and it says its up to date as well. I have a second router ready to go if its a hardware failure and I need to switch over, but a hardware failure to me would be a permanent error and not one that is corrected by a factory reset.

[BC_Programmer]

I find it unlikely that any kind of hacker would be attacking and bricking random consumer home routers.

Personally, I'd be more likely to blame corruption with some of the data that is stored in the router that gets cleared via a factory reset.

[DaveLembke]

Hello BC ... Thank You for your response to this. I found out looking further today that the Linksys AC1200 is actually a model EA6100. And to my surprise today I discovered it is one of the vulnerable Linksys models as found at link below:

https://www.bleepingcomputer.com/news/security/would-you-like-a-backdoor-with-that-linksys-router-sir/

Vulnerable Router List:

WRT Series
WRT1200AC
WRT1900AC
WRT1900ACS
WRT3200ACM

EAxxxx Series
EA2700
EA2750
EA3500
EA4500 v3
EA6100
EA6200
EA6300
EA6350 v2
EA6350 v3
EA6400
EA6500
EA6700
EA6900
EA7300
EA7400
EA7500
EA8300
EA8500
EA9200
EA9400
EA9500

Linksys routers affected by three major issues

IOActive, who published a report on their blog, restrained from publishing any technical details about how an attacker could exploit the three issues, but only vaguely described them. The issues are as follow.

(1) An attacker can send malformed requests to the router that causes a denial-of-service state which freezes or reboots the router until the attacker stops his malformed requests.

(2) An attacker can bypass authentication procedures and collect information on the router and its users, such as firmware version, Linux kernel version, a list of running processes, a list of connected USB devices, the WPS PIN for the Wi-Fi connection, firewall configurations, FTP settings, and SMB server settings.

(3) An attacker can execute code on the router. One of the uses for this flaw is that it allows an attacker to create a secret root-level backdoor account that does not appear in the router's web-based configuration panel.

Maybe it was just corrupt like you said, but this is the first router of many that I have had where a factory reset was needed like this to get it to work again and simple reboot of it didnt clear whatever was keeping it from behaving properly. My password was changed from default and so it shouldn't be vulnerable, but given it is a model that has been targeted before by hackers.... I might replace it although 2 years without any issues until now I suppose is pretty good.

Earlier I was looking for vulnerabilities for AC1200 and didnt find anything but when looking at the bottom of the router to see what the label says for Revision info I saw that its actually a EA6100 which then I found the info linked above.

[BC_Programmer]

You mentioned a few times in the OP that the router "didn't have Internet" I interpreted that literally as the router not having Internet but your computers could all connect to it - If there was absolutely no way to connect to it at all and it had no network presence, then it might be possible that it was frozen through the listed methods.

Though, that does have an additional puzzle in that factory resetting shouldn't change anything that would apply to it, either.