Netgear R6120: Bricked While Performing Update using Netgear Nighthawk app

Yesterday, I was going to watch the live stream of Security Now on TWiT TV using YouTube. When I heard about the update for Netgear router, Steve Gibson said that anyone with a Netgear router should update their router in order to address critical vulnerability, so I did. The Netgear app told me there is an error updating the router and asked me to try again. I began troubleshooting and I went into the list of Wi-Fi networks in my smartphone. I saw that the router is not able to provide Internet connectivity, so I tried to log into the Wi-Fi network again. Then, I went back into the Nighthawk app, update again, and now the Nighthawk app failed to connect to my family’s network.

I went over to my family’s router and I saw that the power LED started blinking about every 1 second. The amber light stayed lit for only a tenth of the second or less. Sometimes the light blinks just a little faster. I tried unplugging the power cord, held down the reset button for 30 seconds, plug it back in while holding down the reset button for another 30 seconds, and once I plug it back in, the power and Ethernet lights started blinking alternately, each light staying on for half a second. Even after 30 seconds have passed and I released the reset button, the lights keep alternating and it seems like the router does not restore back to original factory. I mean, it does nothing after I let go of the reset button after 30 seconds.

So, regardless of whether the power/Ethernet lights alternate or if the power light flashes, I did some research and I found out that I can make use of TFTP server and pushed the R6120 firmware image to the router. I bought my laptop over to my family’s computer room/home office, plugged in the Ethernet cable to any of the four LAN ports, and configured my laptop to use 192.168.1.10/24. The ping to 192.168.1.1 is unsuccessful, so I am out of luck.

So, I took the liberty of getting my mom’s wireless back up and running using a Comtrend router as a backup. The Comtrend router has DSL built-in, so my mom’s Netgear connects to the Comtrend DSL router. I also connected my home server to my mom’s Comtrend router via means of powerline adapter. My home server runs pfSense inside a virtual machine and Debian as a bare-metal host, so my network is separate from my family’s network. Yes, this creates a double-NAT; however, we have no problems with the kind of setup so far.

It’s not like I went to Netgear’s website, downloaded the wrong image, and then brick the router in the process! No! I updated right from the Netgear Nighthawk app that connects to the router without any problems and I bricked my family’s router by performing an update. I mean, why? Why must an update from Netgear’s server brick my family’s router in the process?

In any case, even though I’m going to expect to take the blame for what I’ve done to my mom’s router, I have taken the liberty to write a letter explain to my family regarding what happened during my birthday afternoon (11/23). I had my family buy a wireless router a couple of months ago (probably earlier than summer). The reason why is so my family does not have to reconfigure the wireless devices again when Consolidated Communications replaced the Comtrend router with the same DSL router but with different SSID and password. For example, whenever my family decided to upgrade to 25Mbps from 7Mbps, Consolidated Communications sent my family a new router and I’ve had to reconfigure the wireless router with the same SSID and password; hence, why I got my family to buy a Netgear router so my family does not have to deal with changing wireless network settings in the first place.

So, in the future, in order to prevent bricking my family’s router again, I have decided not to keep my family’s router up-to-date. Yes, this will bring in more critical vulnerabilities into my family’s network if a malicious JavaScript decides to perform any exploits against the router, but at least what I can do is educate my family regarding the dangers of vulnerabilities. I’m the head of an IT department for my family and educating is all I can do from now on. Yes, I’ll take full responsibility for not updating my family’s router, but what can I do!? I’ve got to keep my family’s network and their devices safe.

Once again, I still cannot understand how can performing an update brick my family’s router. It should be painless, but it’s not.

This is the Security Now edisode that I am referring to regarding the Netgear router.

I’ve a cupboard of bricked routers :blush:

I will say a benefit of running pfsense, if you totally balls it up, you can just format the hdd.

As for providing free support, it’s never appreciated, get them to pony up some cash and feel the pain …

As for updating over wifi, sounds like a bad idea period, good chance it would have worked ok via accessing the router directly.

No good deed goes unpunished :wink:

1 Like

My family does not want to afford a new router. A pfSense router router with a wireless access point would be expensive for my family so that’s why I got my family to buy a router so they don’t have to deal with wireless network configuration. Plus, pfSense would be too complicated for my family to configure. I will have to setup a VPN for pfSense when I move out of my family’s house and I do not want to burden my family with costly expenses and separate devices. As my family does not have a separate network closet, this separation of a router and access point would cause a mess of wires.

yep totally agree, giving your family a pfSense setup is a total waste.

When I first looked at pfSense I also came to the conclusion that it’s more expensive, however, what I can now do compared to my Asus router is well miles apart.

I’ve tried to get family members to improve, however, they have no interest, but when they need help I let them resolve it themselves … support requests have experienced a dramatic fall :blush:

1 Like

Yeah I’m very happy I’m running a pfSense router. I do not need to update my pfSense router frequently.

You may be able to manually flash it, if there is anything to solder to

As I am not handy with soldering skills, my mom will buy a new router probably within the next few weeks.

And because I do not trust consumer routers anymore, I’m not going to update the firmware when my mom brings home a replacement router. In the meantime, I have configured the DSL modem with the same SSID/password as this is temporary.

And even if I do not mind learning how to solder parts, I would probably do not mind burning my finger in the process due to my visual impairment (my left eye is blind since the day I was born).

Maybe a UDM would be good in this case

Thanks but my mom wanted me to go to Wal-Mart around 11:00 PM EST to get a replacement router before Thanksgiving. I won’t be touching a firmware update regardless of whether I’m connected to the router via RJ45 or wireless.

Anyway, I must have gotten a bit crazy when I though I might have responded to the wrong thread. Whew… It’s after midnight. Well, good night from the east coast of United States.