On May 23 and further updated on June 6, Cisco announced the discovery of a malware attack targeting small office and home office network devices. This malware gives the attacker the ability to read your internet traffic, steal passwords, spread more malware and to disable the device. This threat has been verified by numerous third-parties, including the FBI.

What should I do?

Regardless of whether your device is on the list, we recommend you take the following steps:

1. Reboot the device, by unplugging it for 60 seconds and then plugging it back in. This will result in your network being down for a short period of time.
2. If your device is from one of the following manufacturers, follow their instructions:
   • • ASUS: See the 06/08/2018 Security Advisory for VPNFilter on https://www.asus.com/Static_WebPage/ASUS-Product-Security-Advisory/
     • D-LINK: https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10085
     • HUAWEI: http://www.huawei.com/us/psirt/security-notices/huawei-sn-20180607-01-vpnfilter-en
     • LINKSYS: https://community.linksys.com/t5/Wireless-Routers/VPNFilter-Malware-Update/td-p/1315372
     • MIKROTIK: https://forum.mikrotik.com/viewtopic.php?f=21&t=134776
     • NETGEAR: https://kb.netgear.com/000058814/Security-Advisory-for-VPNFilter-Malware-on-Some-NETGEAR-Devices
     • QNAP: https://www.qnap.com/en-us/security-advisory/nas-201805-24
     • TP-LINK: https://www.tp-link.com/en/faq-2213.html
     • UBIQUITI: Update to latest firmware, change default passwords
3. Update your wireless router to the manufacturer’s latest recommended firmware, even if not in the list.
4. If you haven’t changed the default device admin password, do so now. Instructions should be provided by the manufacturer. Follow good password practices by using a unique password, that is long (at least 8 characters) and contains letters, numbers and special characters ($%^&!*^…). The device admin password is different than the wireless password.
5. If the device has “remote access” or “remote administration” features, and you don’t need them (or know if you need them), turn them off.

What devices are vulnerable?

The list of vulnerable devices consists mainly of ones that would be running at home or in a small office setting, and includes internet/wireless routers and storage devices:

ASUS DEVICES:
RT-AC66U
RT-N10
RT-N10E
RT-N10U
RT-N56U
RT-N66U

D-LINK DEVICES:
DES-1210-08P
DIR-300
DIR-300A
DSR-250N
DSR-500N
DSR-1000
DSR-1000N

HUAWEI DEVICES:
HG8245

LINKSYS DEVICES:
E1200
E2500
E3000
E3200
E4200
RV082
WRVS4400N

MIKROTIK DEVICES:
CCR1009
CCR1016
CCR1036
CCR1072
CRS109
CRS112
CRS125
RB411
RB450
RB750
RB911
RB921
RB941
RB951
RB952
RB960
RB962
RB1100
RB1200
RB2011
RB3011
RB Groove
RB Omnitik
STX5

NETGEAR DEVICES:
DG834
DGN1000
DGN2200
DGN3500
FVS318N
MBRN3000
R6400
R7000
R8000
WNR1000
WNR2000
WNR2200
WNR4000
WNDR3700
WNDR4000
WNDR4300
WNDR4300-TN
UTM50

QNAP DEVICES:
TS251
TS439 Pro
Other QNAP NAS devices running QTS software

TP-LINK DEVICES:
R600VPN
TL-WR741ND
TL-WR841N

UBIQUITI DEVICES:
NSM2
PBE M5

UPVEL DEVICES:
Unknown Models*

ZTE DEVICES:
ZXHN H108N

Questions?

Upic does not support home networking equipment. We recommend you contact the device manufacturer, ISP and/or network provider for primary assistance. If you don’t know who to call, please contact Upic Member Services and we’ll be happy to point you in the right direction.