Is this a hardware issue or an attack? [TL-WDR4300 v1.6]

Installing and Using OpenWrt
1

Hardware: TP-Link TL-WDR4300 v1.6
OpenWrt: OpenWrt 21.02.2, r16495-bf0c965af0

For unknown reasons, the device keep resetting their own configuration. After re-flashing a new firmware from OpenWrt servers and configuring everything from scratch, it reset the configuration again after a few days or months, this is very aleatory.

Here is the log before it happens using a remote logging tool, I was doing nothing on it, it just happen:

Jun 25 10:15:05	192.168.1.254	Aguia	daemon	info	logread[985]	Logread connected to ERASED:514
Jun 25 10:15:06	192.168.1.254	Aguia	daemon	err	insmod	module is already loaded - slhc
Jun 25 10:15:06	192.168.1.254	Aguia	kern	info	kernel	[   35.608114] IPv6: ADDRCONF(NETDEV_CHANGE): br-lan: link becomes ready
Jun 25 10:15:06	192.168.1.254	Aguia	daemon	err	insmod	module is already loaded - ppp_generic
Jun 25 10:15:06	192.168.1.254	Aguia	daemon	err	insmod	module is already loaded - pppox
Jun 25 10:15:06	192.168.1.254	Aguia	daemon	err	odhcpd[1513]	Failed to send to ff02::1%lan@br-lan (Address not available)
Jun 25 10:15:06	192.168.1.254	Aguia	daemon	err	insmod	module is already loaded - pppoe
Jun 25 10:15:06	192.168.1.254	Aguia	daemon	notice	netifd	wan (2132): udhcpc: started, v1.33.2
Jun 25 10:15:07	192.168.1.254	Aguia	user	notice	firewall	Reloading firewall due to ifup of lan (br-lan)
Jun 25 10:15:08	192.168.1.254	Aguia	daemon	notice	netifd	wan (2132): udhcpc: sending discover
Jun 25 10:15:08	192.168.1.254	Aguia	daemon	info	pppd[2174]	Plugin rp-pppoe.so loaded.
Jun 25 10:15:08	192.168.1.254	Aguia	daemon	info	pppd[2174]	RP-PPPoE plugin version 3.8p compiled against pppd 2.4.8
Jun 25 10:15:08	192.168.1.254	Aguia	daemon	notice	pppd[2174]	pppd 2.4.8 started by root, uid 0
Jun 25 10:15:08	192.168.1.254	Aguia	daemon	info	pppd[2174]	PPP session is 25802
Jun 25 10:15:08	192.168.1.254	Aguia	daemon	warning	pppd[2174]	Connected to ERASED via interface eth0.10
Jun 25 10:15:08	192.168.1.254	Aguia	kern	info	kernel	[   38.241870] pppoe-VIVO: renamed from ppp0
Jun 25 10:15:08	192.168.1.254	Aguia	daemon	info	pppd[2174]	Renamed interface ppp0 to pppoe-VIVO
Jun 25 10:15:08	192.168.1.254	Aguia	daemon	info	pppd[2174]	Using interface pppoe-VIVO
Jun 25 10:15:08	192.168.1.254	Aguia	daemon	notice	pppd[2174]	Connect: pppoe-VIVO <--> eth0.10
Jun 25 10:15:08	192.168.1.254	Aguia	daemon	info	pppd[2174]	Remote message: Authentication success,Welcome!
Jun 25 10:15:08	192.168.1.254	Aguia	daemon	notice	pppd[2174]	PAP authentication succeeded
Jun 25 10:15:08	192.168.1.254	Aguia	daemon	notice	pppd[2174]	peer from calling number ERASED authorized
Jun 25 10:15:09	192.168.1.254	Aguia	daemon	notice	pppd[2174]	local  LL address ERASED
Jun 25 10:15:09	192.168.1.254	Aguia	daemon	notice	pppd[2174]	remote LL address ERASED
Jun 25 10:15:09	192.168.1.254	Aguia	daemon	notice	pppd[2174]	local  IP address ERASED
Jun 25 10:15:09	192.168.1.254	Aguia	daemon	notice	pppd[2174]	remote IP address ERASED
Jun 25 10:15:09	192.168.1.254	Aguia	daemon	notice	pppd[2174]	primary   DNS address ERASED
Jun 25 10:15:09	192.168.1.254	Aguia	daemon	notice	pppd[2174]	secondary DNS address ERASED
Jun 25 10:15:09	192.168.1.254	Aguia	daemon	notice	netifd	Network device 'pppoe-VIVO' link is up
Jun 25 10:15:09	192.168.1.254	Aguia	daemon	notice	netifd	Interface 'VIVO' is now up
Jun 25 10:15:09	192.168.1.254	Aguia	daemon	info	dnsmasq[1242]	reading /tmp/resolv.conf.d/resolv.conf.auto
Jun 25 10:15:09	192.168.1.254	Aguia	daemon	info	dnsmasq[1242]	using only locally-known addresses for domain test
Jun 25 10:15:09	192.168.1.254	Aguia	daemon	info	dnsmasq[1242]	using only locally-known addresses for domain onion
Jun 25 10:15:09	192.168.1.254	Aguia	daemon	info	dnsmasq[1242]	using only locally-known addresses for domain localhost
Jun 25 10:15:09	192.168.1.254	Aguia	daemon	info	dnsmasq[1242]	using only locally-known addresses for domain local
Jun 25 10:15:09	192.168.1.254	Aguia	daemon	info	dnsmasq[1242]	using only locally-known addresses for domain invalid
Jun 25 10:15:09	192.168.1.254	Aguia	daemon	info	dnsmasq[1242]	using only locally-known addresses for domain bind
Jun 25 10:15:09	192.168.1.254	Aguia	daemon	info	dnsmasq[1242]	using only locally-known addresses for domain lan
Jun 25 10:15:09	192.168.1.254	Aguia	daemon	info	dnsmasq[1242]	using nameserver ERASED#53
Jun 25 10:15:09	192.168.1.254	Aguia	daemon	info	dnsmasq[1242]	using nameserver ERASED#53
Jun 25 10:15:10	192.168.1.254	Aguia	authpriv	info	dropbear[2358]	Not backgrounding
Jun 25 10:15:10	192.168.1.254	Aguia	daemon	notice	netifd	Network alias 'pppoe-VIVO' link is up
Jun 25 10:15:10	192.168.1.254	Aguia	daemon	notice	netifd	Interface 'VIVO_6' is enabled
Jun 25 10:15:10	192.168.1.254	Aguia	daemon	notice	netifd	Interface 'VIVO_6' has link connectivity
Jun 25 10:15:10	192.168.1.254	Aguia	daemon	notice	netifd	Interface 'VIVO_6' is setting up now
Jun 25 10:15:11	192.168.1.254	Aguia	user	notice	firewall	Reloading firewall due to ifup of VIVO (pppoe-VIVO)
Jun 25 10:15:11	192.168.1.254	Aguia	daemon	err	odhcp6c[2463]	Failed to send SOLICIT message to ff02::1:2 (Operation not permitted)
Jun 25 10:15:11	192.168.1.254	Aguia	daemon	notice	netifd	wan (2132): udhcpc: sending discover
Jun 25 10:15:12	192.168.1.254	Aguia	daemon	notice	hostapd	Configuration file: /var/run/hostapd-phy1.conf (phy wlan1) --> new PHY
Jun 25 10:15:12	192.168.1.254	Aguia	kern	info	kernel	[   41.761206] br-lan: port 2(wlan1) entered blocking state
Jun 25 10:15:12	192.168.1.254	Aguia	kern	info	kernel	[   41.766662] br-lan: port 2(wlan1) entered disabled state
Jun 25 10:15:12	192.168.1.254	Aguia	kern	info	kernel	[   41.772457] device wlan1 entered promiscuous mode
Jun 25 10:15:12	192.168.1.254	Aguia	daemon	notice	hostapd	wlan1: interface state UNINITIALIZED->HT_SCAN
Jun 25 10:15:12	192.168.1.254	Aguia	daemon	notice	hostapd	Configuration file: /var/run/hostapd-phy0.conf (phy wlan0) --> new PHY
Jun 25 10:15:12	192.168.1.254	Aguia	daemon	notice	netifd	Interface 'VIVO_6' is now up
Jun 25 10:15:13	192.168.1.254	Aguia	kern	info	kernel	[   42.384055] br-lan: port 3(wlan0) entered blocking state
Jun 25 10:15:13	192.168.1.254	Aguia	kern	info	kernel	[   42.389505] br-lan: port 3(wlan0) entered disabled state
Jun 25 10:15:13	192.168.1.254	Aguia	kern	info	kernel	[   42.395337] device wlan0 entered promiscuous mode
Jun 25 10:15:13	192.168.1.254	Aguia	kern	info	kernel	[   42.400326] br-lan: port 3(wlan0) entered blocking state
Jun 25 10:15:13	192.168.1.254	Aguia	kern	info	kernel	[   42.405760] br-lan: port 3(wlan0) entered forwarding state
Jun 25 10:15:13	192.168.1.254	Aguia	daemon	notice	hostapd	wlan0: interface state UNINITIALIZED->HT_SCAN
Jun 25 10:15:13	192.168.1.254	Aguia	user	notice	firewall	Reloading firewall due to ifupdate of VIVO (pppoe-VIVO)
Jun 25 10:15:13	192.168.1.254	Aguia	daemon	notice	hostapd	Switch own primary and secondary channel to get secondary channel with no Beacons from other BSSes
Jun 25 10:15:13	192.168.1.254	Aguia	kern	info	kernel	[   42.597882] br-lan: port 3(wlan0) entered disabled state
Jun 25 10:15:13	192.168.1.254	Aguia	kern	info	kernel	[   43.124129] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
Jun 25 10:15:13	192.168.1.254	Aguia	kern	info	kernel	[   43.130973] br-lan: port 2(wlan1) entered blocking state
Jun 25 10:15:13	192.168.1.254	Aguia	kern	info	kernel	[   43.136420] br-lan: port 2(wlan1) entered forwarding state
Jun 25 10:15:13	192.168.1.254	Aguia	daemon	warning	odhcpd[1513]	A default route is present but there is no public prefix on lan thus we don't announce a default route!
Jun 25 10:15:13	192.168.1.254	Aguia	daemon	notice	hostapd	wlan1: interface state HT_SCAN->ENABLED
Jun 25 10:15:13	192.168.1.254	Aguia	daemon	notice	hostapd	wlan1: AP-ENABLED
Jun 25 10:15:14	192.168.1.254	Aguia	daemon	notice	hostapd	20/40 MHz operation not permitted on channel pri=2 sec=6 based on overlapping BSSes
Jun 25 10:15:14	192.168.1.254	Aguia	daemon	notice	netifd	Wireless device 'radio1' is now up
Jun 25 10:15:14	192.168.1.254	Aguia	daemon	notice	netifd	Network device 'wlan1' link is up
Jun 25 10:15:14	192.168.1.254	Aguia	daemon	notice	netifd	wan (2132): udhcpc: sending discover
Jun 25 10:15:14	192.168.1.254	Aguia	user	notice	firewall	Reloading firewall due to ifup of VIVO_6 (pppoe-VIVO)
Jun 25 10:15:15	192.168.1.254	Aguia	kern	info	kernel	[   44.467391] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
Jun 25 10:15:15	192.168.1.254	Aguia	kern	info	kernel	[   44.474274] br-lan: port 3(wlan0) entered blocking state
Jun 25 10:15:15	192.168.1.254	Aguia	kern	info	kernel	[   44.479744] br-lan: port 3(wlan0) entered forwarding state
Jun 25 10:15:15	192.168.1.254	Aguia	daemon	notice	hostapd	wlan0: interface state HT_SCAN->ENABLED
Jun 25 10:15:15	192.168.1.254	Aguia	daemon	notice	hostapd	wlan0: AP-ENABLED
Jun 25 10:15:15	192.168.1.254	Aguia	daemon	notice	netifd	Wireless device 'radio0' is now up
Jun 25 10:15:15	192.168.1.254	Aguia	daemon	notice	netifd	Network device 'wlan0' link is up
Jun 25 10:15:19	192.168.1.254	Aguia	daemon	info	dnsmasq[1242]	exiting on receipt of SIGTERM
Jun 25 10:15:20	192.168.1.254	Aguia	daemon	info	dnsmasq[2841]	Connected to system UBus
Jun 25 10:15:20	192.168.1.254	Aguia	daemon	info	dnsmasq[2841]	started, version 2.85 cachesize 150
Jun 25 10:15:20	192.168.1.254	Aguia	daemon	info	dnsmasq[2841]	DNS service limited to local subnets
Jun 25 10:15:20	192.168.1.254	Aguia	daemon	info	dnsmasq[2841]	compile time options: IPv6 GNU-getopt no-DBus UBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-auth no-cryptohash no-DNSSEC no-ID loop-detect inotify dumpfile
Jun 25 10:15:20	192.168.1.254	Aguia	daemon	info	dnsmasq[2841]	UBus support enabled: connected to system bus
Jun 25 10:15:20	192.168.1.254	Aguia	daemon	info	dnsmasq-dhcp[2841]	DHCP, IP range 192.168.1.100 -- 192.168.1.249, lease time 12h
Jun 25 10:15:20	192.168.1.254	Aguia	daemon	info	dnsmasq[2841]	using only locally-known addresses for domain test
Jun 25 10:15:20	192.168.1.254	Aguia	daemon	info	dnsmasq[2841]	using only locally-known addresses for domain onion
Jun 25 10:15:20	192.168.1.254	Aguia	daemon	info	dnsmasq[2841]	using only locally-known addresses for domain localhost
Jun 25 10:15:20	192.168.1.254	Aguia	daemon	info	dnsmasq[2841]	using only locally-known addresses for domain local
Jun 25 10:15:20	192.168.1.254	Aguia	daemon	info	dnsmasq[2841]	using only locally-known addresses for domain invalid
Jun 25 10:15:20	192.168.1.254	Aguia	daemon	info	dnsmasq[2841]	using only locally-known addresses for domain bind
Jun 25 10:15:20	192.168.1.254	Aguia	daemon	info	dnsmasq[2841]	using only locally-known addresses for domain lan
Jun 25 10:15:20	192.168.1.254	Aguia	daemon	info	dnsmasq[2841]	reading /tmp/resolv.conf.d/resolv.conf.auto
Jun 25 10:15:20	192.168.1.254	Aguia	daemon	info	dnsmasq[2841]	using only locally-known addresses for domain test
Jun 25 10:15:20	192.168.1.254	Aguia	daemon	info	dnsmasq[2841]	using only locally-known addresses for domain onion
Jun 25 10:15:20	192.168.1.254	Aguia	daemon	info	dnsmasq[2841]	using only locally-known addresses for domain localhost
Jun 25 10:15:20	192.168.1.254	Aguia	daemon	info	dnsmasq[2841]	using only locally-known addresses for domain local
Jun 25 10:15:20	192.168.1.254	Aguia	daemon	info	dnsmasq[2841]	using only locally-known addresses for domain invalid
Jun 25 10:15:20	192.168.1.254	Aguia	daemon	info	dnsmasq[2841]	using only locally-known addresses for domain bind
Jun 25 10:15:20	192.168.1.254	Aguia	daemon	info	dnsmasq[2841]	using only locally-known addresses for domain lan
Jun 25 10:15:20	192.168.1.254	Aguia	daemon	info	dnsmasq[2841]	using nameserver ERASED#53
Jun 25 10:15:20	192.168.1.254	Aguia	daemon	info	dnsmasq[2841]	using nameserver ERASED#53
Jun 25 10:15:20	192.168.1.254	Aguia	daemon	info	dnsmasq[2841]	read /etc/hosts - 4 addresses
Jun 25 10:15:20	192.168.1.254	Aguia	daemon	info	dnsmasq[2841]	read /tmp/hosts/dhcp.cfg01411c - 28 addresses
Jun 25 10:15:20	192.168.1.254	Aguia	daemon	info	dnsmasq-dhcp[2841]	read /etc/ethers - 0 addresses
Jun 25 10:15:20	192.168.1.254	Aguia	daemon	info	dnsmasq[2841]	read /etc/hosts - 4 addresses
Jun 25 10:15:20	192.168.1.254	Aguia	daemon	info	dnsmasq[2841]	read /tmp/hosts/dhcp.cfg01411c - 28 addresses
Jun 25 10:15:20	192.168.1.254	Aguia	daemon	info	dnsmasq-dhcp[2841]	read /etc/ethers - 0 addresses
Jun 25 10:15:24	192.168.1.254	Aguia	daemon	notice	netifd	Interface 'VIVO_6' has lost the connection
Jun 25 10:15:25	192.168.1.254	Aguia	daemon	notice	netifd	Interface 'VIVO_6' is now up
Jun 25 10:15:25	192.168.1.254	Aguia	daemon	info	dnsmasq[2841]	reading /tmp/resolv.conf.d/resolv.conf.auto
Jun 25 10:15:25	192.168.1.254	Aguia	daemon	info	dnsmasq[2841]	using only locally-known addresses for domain test
Jun 25 10:15:25	192.168.1.254	Aguia	daemon	info	dnsmasq[2841]	using only locally-known addresses for domain onion
Jun 25 10:15:25	192.168.1.254	Aguia	daemon	info	dnsmasq[2841]	using only locally-known addresses for domain localhost
Jun 25 10:15:25	192.168.1.254	Aguia	daemon	info	dnsmasq[2841]	using only locally-known addresses for domain local
Jun 25 10:15:25	192.168.1.254	Aguia	daemon	info	dnsmasq[2841]	using only locally-known addresses for domain invalid
Jun 25 10:15:25	192.168.1.254	Aguia	daemon	info	dnsmasq[2841]	using only locally-known addresses for domain bind
Jun 25 10:15:25	192.168.1.254	Aguia	daemon	info	dnsmasq[2841]	using only locally-known addresses for domain lan
Jun 25 10:15:25	192.168.1.254	Aguia	daemon	info	dnsmasq[2841]	using nameserver ERASED#53
Jun 25 10:15:25	192.168.1.254	Aguia	daemon	info	dnsmasq[2841]	using nameserver ERASED#53
Jun 25 10:15:25	192.168.1.254	Aguia	daemon	info	dnsmasq[2841]	using nameserver ERASED#53
Jun 25 10:15:25	192.168.1.254	Aguia	daemon	info	dnsmasq[2841]	using nameserver ERASED#53
Jun 25 10:15:25	192.168.1.254	Aguia	daemon	info	dnsmasq[2841]	read /etc/hosts - 4 addresses
Jun 25 10:15:25	192.168.1.254	Aguia	daemon	info	dnsmasq[2841]	read /tmp/hosts/odhcpd - 0 addresses
Jun 25 10:15:25	192.168.1.254	Aguia	daemon	info	dnsmasq[2841]	read /tmp/hosts/dhcp.cfg01411c - 28 addresses
Jun 25 10:15:25	192.168.1.254	Aguia	daemon	info	dnsmasq-dhcp[2841]	read /etc/ethers - 0 addresses
Jun 25 10:15:25	192.168.1.254	Aguia	user	notice	firewall	Reloading firewall due to ifup of VIVO_6 (pppoe-VIVO)
Jun 25 10:19:20	192.168.1.254	Aguia	daemon	info	jffs2reset	/dev/mtdblock4 is mounted as /overlay, only erasing files
Jun 25 10:19:20	192.168.1.254	Aguia	daemon	info	procd	- shutdown -
Jun 25 10:19:21	192.168.1.254	Aguia	daemon	notice	hostapd	wlan1: interface state ENABLED->DISABLED
Jun 25 10:19:21	192.168.1.254	Aguia	daemon	notice	hostapd	wlan1: AP-DISABLED
Jun 25 10:19:21	192.168.1.254	Aguia	daemon	notice	hostapd	wlan1: CTRL-EVENT-TERMINATING
Jun 25 10:19:21	192.168.1.254	Aguia	daemon	notice	hostapd	nl80211: deinit ifname=wlan1 disabled_11b_rates=0
Jun 25 10:19:21	192.168.1.254	Aguia	kern	info	kernel	[   68.580997] device wlan1 left promiscuous mode
Jun 25 10:19:21	192.168.1.254	Aguia	kern	info	kernel	[   68.585797] br-lan: port 2(wlan1) entered disabled state
Jun 25 10:19:21	192.168.1.254	Aguia	daemon	notice	netifd	Network device 'wlan1' link is down
Jun 25 10:19:21	192.168.1.254	Aguia	daemon	notice	hostapd	wlan0: interface state ENABLED->DISABLED
Jun 25 10:19:21	192.168.1.254	Aguia	daemon	notice	hostapd	wlan0: AP-DISABLED
Jun 25 10:19:21	192.168.1.254	Aguia	daemon	notice	hostapd	wlan0: CTRL-EVENT-TERMINATING
Jun 25 10:19:21	192.168.1.254	Aguia	daemon	notice	hostapd	nl80211: deinit ifname=wlan0 disabled_11b_rates=0
Jun 25 10:19:21	192.168.1.254	Aguia	kern	info	kernel	[   68.648510] device wlan0 left promiscuous mode
Jun 25 10:19:21	192.168.1.254	Aguia	kern	info	kernel	[   68.653229] br-lan: port 3(wlan0) entered disabled state
Jun 25 10:19:21	192.168.1.254	Aguia	daemon	notice	netifd	Network device 'wlan0' link is down
Jun 25 10:19:21	192.168.1.254	Aguia	authpriv	info	dropbear[2358]	Early exit: Terminated by signal

Thank you.

2

What is causing that? Did you call firstboot or jffs2reset? Is it possible that the reset button at the back is gettimg pressed?

3

What is causing that? Did you call firstboot or jffs2reset ? Is it possible that the reset button at the back is gettimg pressed?

Don't know, it did by itself. I wasn't home when it happens and also, nobody was home.

PS: Just check the button, is in perfect condition (multimeter test) and there was nothing behind it to press it by accident.

4

You can disable the button script with:
chmod -x /etc/rc.button/reset
This will of course also prevent an intentional reset to defaults using the button.

2 Likes