wifi router being hacked

lepend

Solid State Member
Messages
17
Location
uk
Hi everyone...!
Does anyone know how it is possible that someone can access my router after I have connected with ethernet cable only, factory reset it and switched off wifi
I then configure routers security settings WPA2 etc.. and give a very long wifi password then after maybe half an hour the routers wifi switches on by its self and the hacker is in and making changes to its configuration
How can this be possible?
Any advice very much appreciated!
lepend
 

1etherer

Fully Optimized
Messages
1,878
Location
Earth
Hi everyone...!
Does anyone know how it is possible that someone can access my router after I have connected with ethernet cable only, factory reset it and switched off wifi
I then configure routers security settings WPA2 etc.. and give a very long wifi password then after maybe half an hour the routers wifi switches on by its self and the hacker is in and making changes to its configuration
How can this be possible?
Any advice very much appreciated!
lepend
If you have wifi switched off , then no point config WPA2 :)

If you have wifi switched off, your only connection to the router is via the LAN and WAN.

If your LAN devices are affected and have direct access to router mgmt portal then yes , anyone who hacked your device can gain access still.

If your router mgmt port is exposed to the internet then again an external attacker could compromise the device.
 

TechnoChicken

Professional Amature
Messages
519
Location
Orbiting Jupiter
Be careful because he can use that router to access your computer it is also possible that he is accessing your router through one of your computers that has been compromised.
 

1etherer

Fully Optimized
Messages
1,878
Location
Earth
Id suggest your run a scan on your end devices, in safe mode (ideally).

What antivirus anti malware do you have?
 

carnageX

Private Joker,
Staff member
Messages
25,017
Location
South Dakota
What router? May have vulnerable firmware - check to see if the manufacturer has an updated firmware version. There was a big list of vulnerable devices several months ago.
 

lepend

Solid State Member
Messages
17
Location
uk
If you have wifi switched off , then no point config WPA2 :)

If you have wifi switched off, your only connection to the router is via the LAN and WAN.

If your LAN devices are affected and have direct access to router mgmt portal then yes , anyone who hacked your device can gain access still.

If your router mgmt port is exposed to the internet then again an external attacker could compromise the device.

Thanks for replies everyone ..
The router is a TP Link AC1200 MR400. I updated the firmware and configured everything to the best of my knowledge.. however, this is rather limited. If I understand what you mean with router mgmt and that being the part of the router that is for accessing it from WAN then this as far as i know was disabled

I have standard antivirus like avg or avira but theyve never shown anything untoward.

I have tried to run various malware scanners such as malwarebytes / emsisoft but its either not allowing a proper download or it will not run them without error. I even downloaded them to a laptop that I was hoping was not infected and copy paste to usb stick but after doing this and putting usb into pc the files were automatically deleted, tried zipping them.. but it would not allow this to work eiter
Not sure whats best to do next.. any further help would be great..!
 
Last edited:

1etherer

Fully Optimized
Messages
1,878
Location
Earth
What configuration exactly is changing on your router?

You mentioned strange activity on your PC, are you saying when you copy files from your USB to say your downloads folder, they are deleted automatically?

When did this start happening, do you tend to download from unknown sources.

Have you reinstalled your windows OS?
 

lepend

Solid State Member
Messages
17
Location
uk
Can anyone recommend what's the most complete and thorough malware removal tool that can be run from boot up?
 
Top