NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

wchp's avatar
wchp
Luminary
May 23, 2018
Solved

US-CERT VPNFilter Destructive Malware

https://www.us-cert.gov/ncas/current-activity/2018/05/23/VPNFilter-Destructive-Malware "NCCIC is aware of a sophisticated modular malware system known as VPNFilter. Devices known to be affected by ...
Troubleshooting
  • DarrenM's avatar
    DarrenM
    May 23, 2018

    NETGEAR is aware of a piece of malware called VPNFilter that might target some NETGEAR routers. 

    To protect against this possible malware, we strongly advise all NETGEAR router owners to take the following steps: 

     

    • Make sure that you are running the latest firmware on your NETGEAR router. Firmware updates include important security fixes and upgrades. For more information, see How do I update my NETGEAR router firmware using the Check button in the router web interface?

     

    • Make sure that you have changed your default admin password. For more information, see How do I change the admin password on my NETGEAR router?

     

    • Make sure that remote management is turned off on your router. Remote management is turned off by default and can only be turned on in your router’s advanced settings. 

     

    To make sure that remote management is turned off on your router: 

    1. On a computer that is part of your home network, type http://www.routerlogin.net in the address bar of your browser and press Enter. 

     

    2. Enter your admin user name and password and click OK. If you never changed your user name and password after setting up your router, the user name is admin and the password is password. 

     

    3. Click Advanced > Remote Management. 

     

    4. If the check box for Turn Remote Management On is selected, clear it and click Apply to save your changes. If the check box for Turn Remote Management On is not selected, you do not need to take any action. 

     

    NETGEAR is investigating and will update this advisory as more information becomes available.

abd1's avatar
abd1
Aspirant
May 30, 2018

I was on vacation when this malware went out. Now that I'm home I'm finding out I was likely affected. I'm trying to follow the instructions for the fix but I cannot get to my router via the browser as I get a 401 error and I do not want to enter my router's serial number in without know it is safe. Since I cannot access my router to check to make sure remote manager is off and/or change the password what should I do?

FURRYe38's avatar
FURRYe38
Guru - Experienced User
May 30, 2018

Disconnect the WAN port from the ISP modem. Press in the reset button in back of the router until the top LED turns Yellow, then let go. After the Top LED slowly starts to blink, you should have access at 192.168.1.1 or at orbilogin.com in a web browser with a LAN cable PC connected to the router. I would disconnect all other devices as well accept for this one wired PC so you can get it set up again. Walk thru the set up wizard and be sure to input a new admin PW. https://www.grc.com/passwords.htm

 

abd1 wrote:

I was on vacation when this malware went out. Now that I'm home I'm finding out I was likely affected. I'm trying to follow the instructions for the fix but I cannot get to my router via the browser as I get a 401 error and I do not want to enter my router's serial number in without know it is safe. Since I cannot access my router to check to make sure remote manager is off and/or change the password what should I do?