Its from Telia, i tried today with the WiFi password thats on a sticky note, but no luck.
3UQC43T728s8
Or just open 192.168.1.1 with lan connected to Poe ? Login as admin/1234 ?
1 Like
I have tried with 192.168.1.1 with lan connected to PoE, but no ping or http / https, i think its in bridgemode.
I tried with 3UQC47T728s8 and that did not work, I will try with 3UQC43T728s8.
Hello, i need some help if someone can help me.
I have managed to install openwrt on the Telenor branded NR7101. I am using the R11A06 (also tried the latest firmware R13A04, but reverted to A06) firmware and the openwrt image on the NR7101 wiki page. I am using Phonero simcard with "telia" as APN. I have tried both with and without sim lock, but i refuse to connect to internet.
I have tried both mbim and qmi mode. Same result. I have also tried uqmi and umbi but, it will not connect to the cdc-wdm0. I also get no respond when trying to set wds.
I have also tried Zyxel image and ROOter image. Same happends as with OpenWRT.
Anyone have a clue how i can get any further? Picocom works, and i am sending AT commands to the ttyUSB0, and it respond. But refuse to go online. And sometimes it just hangs and stop responding. I have followed every step at the openwrt wiki page and qmi/mbim wiki page. But still no respond.
Any advice? Anyone who can help med debug?
Thanks! That did the trick, and flashed it with an OEM firmware, no more Telia!
Default password after flash is 1234.
Also tried with a new usb uart device, still just gibberish.
1 Like
On my telenor branded NR7101 i get the debug message
Lock Provider Check ISP Lock
Still no luck to connect to network, tried both Telenor Sim (old one not active) and a Phonero (telia) sim which is active.
What does that mean? Is it still locked to Telenor even though i have managed to run OpenWRT, Zyxel and ROOter on it?
The only thing i miss is the supervisor/Root default password, everything else is open.
But it refuse to connect to network whatever linux image i run.
So I have a stubborn one. The router is completely locked to my abilities. From what I understood the root password was changed the generated password from the tool isn't working and it persists after reset. Will flashing stock Zyxel firmware using Zycast make it possible to use the supervisor password tool?
In a similar case I was able to reach the WebGUI page to upgrade firmware and by ticking the box "Reset All Settings After Firmware Upgrade". I was then able to use the generated password from the tool. But I have no idea what ticking that box actually does.
Probably not. Device specific data like passwords etc is not touched. But it is possible to flash some firmware which doesn't use those passwords. Then you can modify the passwords and flash a stock firmware.
In theory. I haven't done this myself and cannot help with any details
1 Like
On other Zyxel devices the root password can be read on the console when making a configuration backup. Maybe it's the same here...
1 Like
I managed to get output btw, it's baud rate is quite high actually. I believe it was 921600. If not, then it was something higher than 115200 and with the digit 9 and 2 in it. Sorry I can't really remember right now.
Probably not. Device specific data like passwords etc is not touched. But it is possible to flash some firmware which doesn't use those passwords. Then you can modify the passwords and flash a stock firmware.
In theory. I haven't done this myself and cannot help with any details
That's unfortunate but it makes a lot of sense by security standpoint. If all else fails I will try it out and let everyone know how it goes. 
On other Zyxel devices the root password can be read on the console when making a configuration backup. Maybe it's the same here...
Wow that's huge if I can manage a way to export it.
Thank you everyone for your help!
So I acquired a Telenor branded NR7101 in a flee market today (not very cheaply, mind you!), before doing any research. I saw the prices for a generic version online and figured it was still a good deal, but knew there was a risk of it being vendor locked. I read somewhere that there is a password listed on the PoE injector, but my device did not come with one.
After bringing it home I started googling and found a bunch of forum threads with different experiences, and it seems to me that the chances of success depend a lot on the production year of the device?
Mine has a serial number starting with S230 (assuming that means it is produced in 2023?) - is there any chance I will be able to unlock this device?
Ideally I would like to use it as a backup for my fiber broadband ISP, using a data sim tied to my ICE subscription (or some other cheap, metered/data limited subscription). I don't really care if it runs the default Zyxel firmware or OpenWRT, either would be fine.
I don't have a PoE injector lying around, nor do I have an appropriate serial adapter, so I have no way of testing the device right now.
@bmork do you know if your multicast flash utility would work with a S230 serial number device? I assume I need a serial console connection in order to use the tool, otherwise there would be no way of detecting when the flash is done, correct?
If I am unable to unlock it, would it still be usable with a regular Telenor mobile sim card, or does it require a "TrÄdlÞst BredbÄnd" subscription to work in its default configuration?
No problem to flash it with zycast.
You do not need serial adapter for this method.
When its done LED is flashing red,orange,green.
1 Like
OpenWrt works fine. New versions of ModemManager and ModemManager proto ensure reconnection on any disconnection events. One caveat is that if you need high bandwidth above 200Mbit/s you need to stick with the original firmware. Since there is some bandwidth limitation that hasnât been figured out yet with OpenWrt for this device related to the USB connection to modem.
Where do i find Zycast instructions?
You need Telenor BredbÄnd, and they wont give you that without a new antenna 
So worth nothing until you open it
DL and compile, search the forum on how.