GL-MT300N-V1 was hacked: Password changed [Update: False positive; password bug or browser spesific]

[update: Turns out it was a false positive, the problem occurred a second and third and fourth time, this time while totally disconnected from the internet, and on another machine; turns out there is some kind of bug that breaks the password; I can’t get in luci, or the main gui; In luci, I would log in successfully, but accessing page from the drop down menu resulted in my falling back to the login screen, where it says “no password set” and I’d proceed to put in a new password, and the loop would continue over and over again. At one point I had managed to login successfully into luci, and managed to access the dhcp page in the link near the bottom of initial login page, but was promptly logged out as soon as I accessed the drop down menu. Then I was unable to login to the main gui menu! As was happening on the initial post. So its a bug, not a hacker. At other times, I was able to login to the main gui, but not luci.]

Out of the blue my password was no longer accepted. I was no longer able to login to my router and was forced to do a factory reset; This occurred no less than 6-7 hours after receiving the item, and updating to the latest firmware. I had disabled samba, ipv6, ddns, and wan3.

It is protected behind An asus68u router with Merlin, hardened and secured with skynet, dnscrypt and dnssec; I had only one device connected to it at the time, that being an Iphone over wifi; wan was set to the Asus router. The iphone was also plugged directly into the USB port in the router in the timeframe this occurred.

So it appears either the Iphone was hacked, and was able to easily bypass router security via wifi, or via usb; or the gl has known exploitable hardware/software vulnerabilities.

Looking a little deeper; My sandboxied browser had unexpectedly crashed while typing into this forum; I have since cleared the sandbox. This suggests it is possible the parasite had gotten its hands on my password. Though once again, the only device connected to the GL at the time of this password change was my Iphone.

Other suspicious activity:

There were 9 firewall inbound and outbound entries on my windows pc that had been enabled without my permission; and which were previously disabled; previously I allowed zero inbound connections, and most of these rules pointed to ports whos services and drivers had already previously been disabled.

network discovery (WSD-In)
network discovery (WSD EventsSecure-In)
network discovery (WSD Events-In)
network discovery (UPnP-In)
network discovery (SSDP-In)
network discovery (Pub-WSD-In)
network discovery (NB-Name-In)
network discovery (NB-Datagram-In)
network discovery (LLMNR-UDP-In)

Outbound was also enabled for these as well which I had intentionally disabled previously.

strange activity in the last week: the only thing I had noticed was, on two isolated occasions open folder in new window was enabled; I had not done this personally;

Update: False positive. Check initial comment for update.

This may be a problem related to specific browsers as well; seems some browsers work better than others; ill keep you posted.

are you using firefox with too many plugins? That will break a lot of things.

Firefox seems to have fewer issues, and typically works fine with the GL. Chrome / Srware Iron has issues logging in to GL. Conversely firefox is unable to login to my asus router period; Firefox is as hardened as the tor browser, using the ghacks.js user script, and many features are missing. GitHub - arkenfox/user.js: Firefox privacy, security and anti-tracking: a comprehensive user.js template for configuration and hardening

I’m using roughly the same plugins in chrome as firefox when it comes to modifying web content, ublock origin, umatrix, disconnect, https everywhere…etc. I am using a useragent switcher in Chrome as well; set as a linux machine using firefox; maybe thats the issue; the first thing I would have checked if id have not forgotten.

I am having trouble changing my password to the GL-Inet ML 3000 device. I keep getting a old password error message. However, I properly inscribed my old and new passwords? Is there a constraint in the fields? i.e. charaters that are not recognized, number of characters for the password, spaces? etc? Or could it be a bug?

Thanks for assisting me,

Are you talking about MT300N-v1 version?

What is the version you are using? There should be no constraint in format, just in length.

Yes MT1300, I am not so sure about the version? Is that the device or firmware? In the past, I was able to reset the router’s password but now I can’t. Please advise.

MT1300 is a different product. I apprecate if you can just describe your issue in a new thread.

You can post phtotos and screenshots so that it is clearer.