Password retained after firstboot

mdispose · December 19, 2025, 9:17am

Hello,

maybe somebody can tell me if this is an expected behaviour:

I did a firstboot on several Fritzbox 4040 with 24.10.4 because they were replaced. Three of them showed some weird behaviour.

After booting them into recovery and issuing a firstboot followed by a reboot, they set everything to default besides the root password which was the same as before the firstboot, is also visible as hash in /etc/shadow, but not in /rom/etc/shadow. One of the images for the three devices were initially built with firmware selector as an upgrade from 23.05.06 to include wireguard, ddns-scripts and relating Luci packages. The other two received the stock sysupgrade image.

If I reflash the stock/default sysupdate image with the same version trough Luci, the password is gone. Even without flashing a new firmware, the reset to defaults trough Luci works as expected and also removes the password.

What could cause this behaviour? Is this somehow a security issue, and if at all, should I report this somewhere and try to reproduce it?

Thanks a lot in advance.

br

mdispose · December 19, 2025, 11:51am

I cannot reproduce it. I could reproduce it once with the default 24.10.04 image, after reflash to 23.05.06 and upgrade to 24.10.04 with keeping of the configuration, I was not able to reproduce this issue. So can most probably be ignored or has something to do with my initial configuration.

system · December 29, 2025, 11:52am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.