NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

DERoss's avatar
DERoss
Apprentice
May 23, 2018
Solved

VPNFilter Destructive Malware

Windows 7

Netgear N300 Wireless Router Model WNR2000v5

Firmware V1.0.0.64 

GUI V1.0.0.204

 

US-CERT (an agency within the U.S. Department of Homeland Security) issued an advisory this morning regarding VPNFilter malware affecting networking equipment.  Links in that advisory lead to indications that Netgear routers -- including WNR2000 routers -- are among the devices vulnerable to that malware.  Can someone confirm that WNR2000 includes WNR2000v5?  If my router is indeed vulnerable, how soon will there be a firmware update? 

 

Security
  • johngm's avatar
    johngm
    Jun 21, 2018

    You should be all set with that FW revision.   In this case we were informed by a third party and law enforcement that some unknown number of our devices including but potentially not limited to a list we were given, had been corrupted by a known hacking organization.   We were not told anything more than that, other than a reboot would either clean the device or have it identify itself to a server which had been set up by the FBI as a honey pot.   Any devices which exhibited this behavior would be handled by the FBI.  

     

    From what we could determine, we believe that our devices on current firmware releases, were probably not impacted but we simply did not have sufficient data to confirm this.   Our advice to our customers was to follow the best practices we have communicated, including changing default passwords, making sure remote management is disabled and having the product on the most recent firmware.  

     

    By following the procedure outlined you probably reset an uninfected device, but we do have to rely upon the FBI to run down any units which this remediation did not address.

     

     

9 Replies

    • martintechguy's avatar
      martintechguy
      Initiate
      May 31, 2018

      And how is that ANY kind of answer to the question posted by DERoss?

       

      Netgear's "Security Advisory for VPNFilter Malware on Some Routers" announcement (https://kb.netgear.com/000058814) says NOTHING about the WNR2000 model. It seems to ONLY address the "Wireless AC Router Nighthawk R7000" model.

       

      As of this evening, https://www.symantec.com/blogs/threat-intelligence/vpnfilter-iot-malware lists a total of six vulnerable Netgear models.

       

      Thus I wonder about johngm's supposed "expert" status.

    • DERoss's avatar
      DERoss
      Apprentice
      May 31, 2018
      martintechguy is quite correct.  johngm's replied with a link to a Web page that states "This article applies to:Wireless AC Router Nighthawk R7000 ".  My original message clearly stated that I was inquiring about a WNR2000v5.  Thus johngm's reply is not responsive. 
      • DERoss's avatar
        DERoss
        Apprentice
        Jun 21, 2018

        According to arstechnica.com, Netgear WNR2000 routers are indeed affected by this.  I have a Netgear WNR2000v5.  Is Netgear WNR2000v5 included in the alert about Netgear WNR2000v? 

         

        This is a simple question.  Please answer, but do not answer about a router that I do not have.  That is, do not answer about Wireless AC Router Nighthawk R7000.