BEWARE VIRUS After Mango firmware update!

AFriendOf666 · 2022-04-16T19:39:47.204Z

I just got my GL MT300N V2 and after updating the firmware everything reset and i went to go login to my WiFi and under SSID in the drop down menu there is a wifi network called Virus id xXx-stuxWyrm5-xXx with the password already typed in. It was not there BEFORE i updated the firmware. If you don’t recall StuxNet was a virus that caused a lot of damage back in 2010. If you see this after upgrade DO NOT CONNECT TO THAT NETWORK. Has anyone else had this happen?

Screenshot_20220416-151351-6371080×2520 136 KB

xize11 · 2022-04-17T06:49:22.613Z

hmm could you tell more about the firmware version and also share hash?

Also how much sure are you if it is by the firmware and not someone doing it via wireless or using some kind of exploit?

If its indeed a external factor you might want to place this router behind a NAT (a different modem or router) and reflash it, or if you use wifi make sure you use ccmp with a long password, you could set ssh access on the lan interface only via luci, also it would be better to use ssh keys to login and aswell use a big password for the web interface which isn’t reused.

Thats one of the things I can think off to megitate the attack surface even though wireless is never fully secure you might want even go as far to block port 80 and 443 for 0.0.0.0 but you may have to place wireless in its own isolated interface and firewall zone.

To be honest it looks like someone is pranking you since I can’t remember there is such thing as virus id as code as in html tags.

K3rn3l_Ku5h · 2022-04-17T14:54:14.860Z

Yeah that’s strange on multiple levels. If it was a real virus or botnet you would have little to no indication other then network resources and computer running slow. From you screen shot this is in a app? Is It android or IOS? Like xize11 suggested use a strong password.

image526×525 95 KB

AFriendOf666 · 2022-04-17T16:20:00.073Z

It was from the admin router ip address website not any of the apps. After i unplugged the power to the router and plugged it back in it was gone and originally viewable only after the firmware 3.211 update. It has not showed up again. It was a closed wifi network but the password was already typed in. I’ve tried to find that ssid again with multiple phones 4g and 5g and the mango but nothing. Strange.

exitguy · 2022-04-17T23:15:12.125Z

Could have been someone driving past looking for “open” connections they could hack !!

AFriendOf666 · 2022-04-17T23:44:24.541Z

Yes possibly. It was odd because it was right at the top. Even stronger than my wifi and it was in code form too. Oh well at least it’s gone for now but i still can’t figure out how to get my mango set up with tor guard vpn with a dedicated ip. I have Xfinity so i can’t hardwire it to because i can’t get an Internet connection like that but i can but i set up the wifi. Should i give my gl mt300n v2 a static ip address? I also need to port forward 44158 tcp and the device in setting up needs a static ip address. (Helium Hotspot miner) So do i just use my Xfinity home wifi masked by the vpn and then helium hotspot connected to lan via Ethernet? I was thinking when i bought the Mango i could just use the Wan to a Lan on Xfinity x1 modem/router and then use a vpn service but of course it couldn’t be that easy. Any help is greatly appreciated!

alzhao · 2022-04-18T03:39:07.492Z

AFriendOf666:

Should i give my gl mt300n v2 a static ip address? I also need to port forward 44158 tcp and the device in setting up needs a static ip address. (Helium Hotspot miner) So do i just use my Xfinity home wifi masked by the vpn and then helium hotspot connected to lan via Ethernet?

Connect Mango to your xifinity via repeater. Connect Helium to the LAN port of Mango.
Configure vpn on Mango, connect to your vpn server.
Set up port forward 44158 on Mango, from vpn interface to lan, your Helium device.

This is everything you need to do in the router side. In your vpn server, you need to port forward 44158 to the Mango as well.

AFriendOf666 · 2022-04-18T15:59:26.277Z

Thank you so much for your help.