Kitz Forum
Announcements => News Articles => Topic started by: Bowdon on June 07, 2018, 10:40:07 AM
-
https://www.ispreview.co.uk/index.php/2018/06/vpnfilter-malware-targeting-more-consumer-broadband-routers.html
Last month security researchers found that a sophisticated and “likely state-sponsored” malware, dubbed VPNFilter, had become widespread and was infecting business devices from Linksys, MikroTik, NETGEAR and TP-Link. Sadly the code is now also hitting kit from ASUS, D-Link, Huawei, Ubiquiti, UPVEL and ZTE.
Known Affected Devices
Asus Devices:
RT-AC66U (new)
RT-N10 (new)
RT-N10E (new)
RT-N10U (new)
RT-N56U (new)
RT-N66U (new)
D-Link Devices:
DES-1210-08P (new)
DIR-300 (new)
DIR-300A (new)
DSR-250N (new)
DSR-500N (new)
DSR-1000 (new)
DSR-1000N (new)
Huawei Devices:
HG8245 (new)
Linksys Devices:
E1200
E2500
E3000 (new)
E3200 (new)
E4200 (new)
RV082 (new)
WRVS4400N
Mikrotik Devices:
CCR1009 (new)
CCR1016
CCR1036
CCR1072
CRS109 (new)
CRS112 (new)
CRS125 (new)
RB411 (new)
RB450 (new)
RB750 (new)
RB911 (new)
RB921 (new)
RB941 (new)
RB951 (new)
RB952 (new)
RB960 (new)
RB962 (new)
RB1100 (new)
RB1200 (new)
RB2011 (new)
RB3011 (new)
RB Groove (new)
RB Omnitik (new)
STX5 (new)
Netgear Devices:
DG834 (new)
DGN1000 (new)
DGN2200
DGN3500 (new)
FVS318N (new)
MBRN3000 (new)
R6400
R7000
R8000
WNR1000
WNR2000
WNR2200 (new)
WNR4000 (new)
WNDR3700 (new)
WNDR4000 (new)
WNDR4300 (new)
WNDR4300-TN (new)
UTM50 (new)
QNAP Devices:
TS251
TS439 Pro
Other QNAP NAS devices running QTS software
TP-Link Devices:
R600VPN
TL-WR741ND (new)
TL-WR841N (new)
Ubiquiti Devices:
NSM2 (new)
PBE M5 (new)
Upvel Devices:
Unknown Models* (new)
ZTE Devices:
ZXHN H108N (new)
* Malware targeting Upvel as a vendor has been discovered, but they are unable to determine which specific device it is targeting.
I noticed my old RT-N66U is on the list. It is scary that so many router vendors are using the same base software in their devices. One base attack seems to take down many of them.
-
Interesting that my Asus DSL-AC88U is not on the list, possibly down to the Broadcom firmware?
-
Looks like it exploits Busybox (https://busybox.net/about.html) compiled for certain architectures. Won't be related to the DSL firmware per se.
-
I noticed the article didn't say how we'd actually notice if the router was infected.
Is there any way to tell?