Has my Technicolor TG582n router been hacked?

asjnsaofnsado · ‎18-03-2015

So, I've got a Technicolor TG582n from plusnet. It stopped working for a while today, which happens fairly often, so when I got home from work I rebooted it and looked at the web config page to see if it was connected. It was connected ok, but for some reason, the DSL username has changed - my username is just firstnamesurname@plusdsl.net but it's now changed to ala****1988@plusdsl.net (stars added by me).
I'm the only one with the password to this router, and I know I didn't change it. I can't see any other way it could have changed unless someone else has got access to it now.
The router says it has version 8.4.4.J of the firmware. doesn't seem to be a way to check for updates on the web config page.
Has it been hacked? is the firmware vulnerable? And now what do I do with it?

dvorak · ‎11-01-2008

wonder if there's a tr69 (auto setup) issue and the router is registered to the wrong account.
you should just be able to change it back to your account details.

Customer / Moderator
If it helped click the thumb
If it fixed it click 'This fixed my problem'

mwarby · ‎11-08-2014

is tr-69 line or MAC based, if latter and modem was obtained say by ebay(had to get one this way for my mum, plusnet wanted silly money for a replacement) that could explain it

Oldjim · ‎15-06-2007

the router is hard linked to the account it was registered to originally unless they asked for it to be deregistered

npr · ‎21-01-2013

I agree this sounds like TR69 auto setup working , ie Plusnet pushing a username and password to the router.
"Auto Setup" can be disabled in the plusnet members centre.
https://portal.plus.net/automatic_hardware_setup/index.php
The following link explains how TR69 works.
http://www.plus.net/support/broadband/hardware/tr69faq.shtml
Also this feature can be disabled in the Technicolor routers, it called CWMP in the routes configuration.
http://npr.me.uk/telnet.html#cwmp

Oldjim · ‎15-06-2007

I am not entirely sure whether disabling via the member centre will work - does disable only affect a router allocated to your account or any router connected to your line

asjnsaofnsado · ‎18-03-2015

Sounds like I don' need to worry about hackers, only a good old bureaucracy foul up

Quote from: mwarby
is tr-69 line or MAC based, if latter and modem was obtained say by ebay(had to get one this way for my mum, plusnet wanted silly money for a replacement) that could explain it

That's not the case for me, I'm still using the original router I received from plusnet when I joined a few years back. I've not seen anything like this until today.

Quote from: npr
I agree this sounds like TR69 auto setup working , ie Plusnet pushing a username and password to the router.

Thanks for the links, it does suggest that my router serial number is now associated with the wrong account. Possibly just an error, maybe their staff mistyped the serial number while setting up a new account for someone else. I'll trying calling the Plusnet support if I get a minute tomorrow, since I suspect the owner of ala****1988@plusdsl.net is probably sat with a useless modem at present...
Thanks for the help

npr · ‎21-01-2013

@Oldjim
I assumed that setting was allocated to the line not the router but I could me wrong.

Quote from: asjnsaofnsado
I suspect the owner of ala****1988@plusdsl.net is probably sat with a useless modem at present...

The username and password can always be manually entered in the router, allway the best option IMO

jelv · ‎10-04-2007

It's definitely the router serial number that is allocated to the account (I'm 100% sure on this).
The problem is that if ala****1988@plusdsl.net opted for fixed IP, both your connections would stop working correctly.
I just hope that ala****1988@plusdsl.net is on unlimited because your usage will be being recorded against his account (I think you'll find VMBU is not showing any usage for you).

[me=jelv]wonders if there's been more screw ups like this and it accounts for some of the users reporting no usage showing in VMBU[/me]

jelv (a.k.a Spoon Whittler)
Why I have left Plusnet (warning: long post!)
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£14.40/month)
Mobile: iD mobile (£4/month)

Anotherone · ‎31-08-2007

Quote from: jelv
[me=jelv]wonders if there's been more screw ups like this and it accounts for some of the users reporting no usage showing in VMBU[/me]

That's an interesting thought. As the owner in this case has had the 582n for some time, I'm wondering if whoever entered the details in the TR-069 database needed their reading glasses on!
@asjnsaofnsado
Did you by any chance join in 2012?

Townman · ‎22-08-2007

@asjnsaofnsado,
Welcome to the forums.
1. The auto configuration is associated with the router's serial number, which is associated with an account, not the line it is connected to
2. Switching auto configuration off is not going to help if the serial number of your router is miss associated with another account
3. There was another recent incident of someone seeing constant drop outs caused by another user using their login credentials - I suspect arising out of a similar failure - see http://community.plus.net/forum/index.php/topic,137563.msg1210818.html#msg1210818
This problem needs urgent CRT attention.

In another browser tab, login into the Plusnet user portal BEFORE clicking the fault & ticket links

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

If this post helped, please click the Thumbs Up and if it fixed your issue, please click the This fixed my problem green button below.