Flashing DG3000D
Closed this issue · 2 comments
Cause of fash?
I cannot connect to the Wi-Fi due to lack of password, nor can I access the router credentials. I try the default admin and password credentials and it doesn't allow me to access.
IP scan.
I get 2 ips from the router.
192.168.0.1 84:1b:5e:59:a6:a3
192.168.100.1 00:09:5b:de:ad:02
Flashing
nmrpflash -i eno1 -f V5.5.2R05.bin -m 84:1B:5E:59:A6:A3 -v -B
Adding 10.164.183.253 to interface eno1.
Advertising NMRP server on eno1 ... |
No response after 10 seconds. Continuing blindly.
Sending configuration: 10.164.183.252/24.
Using remote filename 'V5.5.2R05.bin'.
Uploading V5.5.2R05.bin ... OK
Note Flash:
After Uploading V5.5.2R05.bin ... OK
, not restart the router automatic, I did it manually and I think it still has the same firmware. I cannot access with default admin and password credentials.
According to this exploit says the current version
python upnp_firmware_exploit . py 192.168.100.1
Unknown model and version: CG3000D V5.5.4.MP2_RG18
I tried firmware V5.5.2R05.bin and V5.5.4.mp2_R09b.bin and it doesn't work
Note MAC:
The reverse label of the router says MAC: 84:1B:5E:59:A6:A0
, however, if I do an ARP or nmap scan, it returns mac 84:1B:5E:59:A6:A3
, changing A0
by A3
in the end. Even the WIFI SSID is called CharterWiFia6a0
Ports:
192.168.0.1
PORT STATE SERVICE
22/tcp closed ssh
23/tcp closed telnet
80/tcp open http
443/tcp open https
1900/tcp closed upnp
5000/tcp open upnp
8080/tcp closed http-proxy
MAC Address: 84:1B:5E:59:A6:A3 (Netgear)
192.168.100.1
PORT STATE SERVICE
80/tcp open http
443/tcp open https
Possible error.
The router has firmware V5.5.4.MP2_RG18 and I am trying with previous versions
You're using blind mode to upload, so even though it looks like it's uploading correctly, nmrpflash
has no way of knowing if it's actually working.
The device you're trying to flash is a cable modem/router, and these are completely different to the "normal" routers. There's no way nmrpflash
will work this device, unfortunately.
Surely there's a way to factory reset the router using a button.
I have already tried to reset the router to default, it goes through the process of blinking the LEDs, restarting, etc. but once it turns on again, it is the same, same ssid name, and it won't let me log in with default credentials.
I was inquiring on the other hand with some friends, and they told me that this model of router may have firmware from an ISP that is difficult to reinstall, and that nmrpflash is not going to work for me. As the only thing, it would be flashing directly through serial port