Aspirant

Re: Security Advisory for VPNFilter Malware on Some Routers

Sorry in advance for the novice question. I have the R7000. I've seen several articles advising to reset router to factory conditions then reinstall. I hit the reset button on my router then launched the Nighthawk app on my phone to start setting it up. Everything came right back just as I had set it up without me having to change anything.
Am I good to go? The three things the article says to do (maintain updated firmware, change default PW, and don't allow remote access) I've already done.
Everything is working well so I want to check in with some experts before I start "breaking my router".
Thanks for the advice,
AJ
Message 26 of 59
Star

Re: Security Advisory for VPNFilter Malware on Some Routers

Cisco listed these:

• Linksys E1200
• Linksys E2500
• Linksys WRVS4400N
• Mikrotik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
• Netgear DGN2200
• Netgear R6400
• Netgear R7000
• Netgear R8000
• Netgear WNR1000
• Netgear WNR2000
• QNAP TS251
• QNAP TS439 Pro
• Other QNAP NAS devices running QTS software
• TP-Link R600VPN

Message 27 of 59

Re: Security Advisory for VPNFilter Malware on Some Routers

AJ, when you say you "hit" the reset button, you need to make sure you actually used a paper clip, stuck it into the reset hole, and pressed the inset button for at least 7 seconds.  You can release the reset button when the power light begins to turn orange.  Here are the instructions:

 

https://www.shopkeep.com/support/hardware/r7000-nighthawk-smart-wireless-router-setup

 

And, of course you also want to make sure you have your remote management option turned off, as previously mentioned in this message thread.  There are directions on how to do that on Netgear's site, under their article about the VPNFilter bug.

Message 28 of 59
Tutor

Re: Security Advisory for VPNFilter Malware on Some Routers

Turn off UPNP when not in use. LONG TIME VIRUS EXPLOITATION.

Message 29 of 59

Re: Security Advisory for VPNFilter Malware on Some Routers

Staragi, very good point. UPnP (Universal Plug n Play) should be turned OFF, long known avenue for exploitation.  That feature can be found on The Advanced tab - Advanced Setup - UPnP.  You would think the default would be OFF.  I checked mine, it was turned on.  That is an oversight by Netgear imho.  Be sure to click "Apply" when you turn this feature off, to update your settings.  I'm also surprised none of the security folks talking about securing your router mention this well known exploit window.  Thanks for mentioning this.

Message 30 of 59
Aspirant

Re: Security Advisory for VPNFilter Malware on Some Routers

Thanks for all the info!
I successfully reset my router last night. Will disable the UPNP next. Is it possible to disable via the Nighthawk app or just the Netgear genie?
Thanks again!
Message 31 of 59

Re: Security Advisory for VPNFilter Malware on Some Routers

2 q's.

Is UPNP a recognized attack vector for VPNFilter?  Or are we just talking "best-practices" here.

If we disable UPNP, Sonos and other apps that use it will start to fail, correct?  Or can they still use UPNP independent of the router?

Message 32 of 59

Re: Security Advisory for VPNFilter Malware on Some Routers

Not a known attack channel for VPNFilter that I can find, just a very well known "wormhole" for exploits. If the VPNFilter virus writers are smart, they would have looked into this wormhole I would think.  And yes, other apps may have difficulties with communicating with your router, so you can then set up port forwarding if necessary.

Message 33 of 59
Aspirant

Re: Security Advisory for VPNFilter Malware on Some Routers

In order to exploit UPNP, they'd have to be in range of my router right?
Message 34 of 59
Initiate

Re: Security Advisory for VPNFilter Malware on Some Routers

I have a C7000 and got the malware. I did a factory reset. I can't update the firmware. I read that since it's a cable modem router combo, Netgear disabled customers' abilities to update. It must come from the ISP. But I bought this on Amazon. My ISP isn't going to do anything. How can I update this? I'll just get the malware back again and again. At least, a replacement under warranty should be done if I can't update.

Message 35 of 59
Tutor

Re: Security Advisory for VPNFilter Malware on Some Routers

No, the UPNP exploitation can be executed remotely. That is why it is important to disable.

Message 36 of 59
Tutor

Re: Security Advisory for VPNFilter Malware on Some Routers

My cable provider is also playing ignorant when asked about updating the firmware on my router. I understand why Netgear has disabled this feature, but it sucks. And now that more viruses are exploiting the router itself, it looks like the cable provider is getting exactly what they want. You have to get their router. If Netgear and others want to sell cable routers they need to work closer with the cable provider. Pushing customers off to the cable provider is not going to end well for third party cable router providers.

Message 37 of 59
Retired_Member
Not applicable

Re: Security Advisory for VPNFilter Malware on Some Routers

Yes, after upgrading the router to the latest firmware, the stability and the distance reach of 5GHz band significantly dropped.

Message 38 of 59
Tutor

Re: Security Advisory for VPNFilter Malware on Some Routers

Netgear R7900P Nighthawk X6S 

 

Okay folks, I'm at wits end and would appreciate any insight in how to get device WiFi connections working again.

Since applying the latest firmware (V1.4.1.10_1.2.14) I'm unable to successfully authenticate a wireless device. Keep getting "incorrect password for network "....""  The password of course matches what's saved in the router configuration.

I've reset the router 2x to factory settings, changed the admin password 2x, applied the firmware 2x, disabled UPNP and verified remote management is disabled.

I've even tried changing the wifi password/s to something new, all to no avail. My connection via ethernet works but I need wifi up.

 

What should I do here folks?  Any assistance to get my wifi operational would be greatly appreciated. 

SCinVA 

Message 39 of 59

Re: Security Advisory for VPNFilter Malware on Some Routers

SC, try re-enabling UPnP and see if you can get the wireless device connected.  If this is the case, then you know what the culprit is.

Message 40 of 59
Tutor

Re: Security Advisory for VPNFilter Malware on Some Routers

Re-enabled UPNP and still receive "Incorrect password for "ssid name here"

Message 41 of 59
Retired_Member
Not applicable

Re: Security Advisory for VPNFilter Malware on Some Routers

 

Deleted 

 

Message 42 of 59
Retired_Member
Not applicable

Re: Security Advisory for VPNFilter Malware on Some Routers

Sorry, my earliest posting was incorrect!

 

On the devices with "incorrect password for network " use "forget this network" and input the new password. 

 

The setup with Genie on iOS is problematic as this cannot forget old settings even after reinstalling the app on iDevices...

Message 43 of 59
Star

Re: Security Advisory for VPNFilter Malware on Some Routers

For R7000 users that need to reset, see attached PDF (3 pages from the manual)

 

I recommend you do this at a time when you can endure the downtime until you reestablish the configuration. I also recommend to back up and later restore backed up settings after the factory reset.

 

A small paperclip for 7 or more seconds with the unit powered on should do to the R7000 what Dave did to the HAL 9000, except for the singing Daisy, Daisy part.

 

Message 44 of 59
Tutor

Re: Security Advisory for VPNFilter Malware on Some Routers

Thanks to everyone for the timely feedback. Worked with Netgear support on the phone for over 2hrs yesterday performing all of these and other steps. Even had the tech remote in to verify config etc. Dropped back several firmware versions too. Painful and frustrating to say the least. After ultimately consulting w/ L2/L3 support hardware replacement was final verdict. 

Thanks again!

Message 45 of 59
Aspirant

Re: Security Advisory for VPNFilter Malware on Some Routers

right

Message 46 of 59
Aspirant

Re: Security Advisory for VPNFilter Malware on Some Routers

In addition to the WNR1000v2 I have an FVS338 here.  Both are listed as vulnerable and their latest firmware dates back a while.  I believe both of these are EOL, so is there a way to deal with this other than replacement?  Is there an easy way to determine if they have been infected?

 

The only suggestions I see here are to reset to factory and then reconfigure them.  I have settings backed up from both, would restoring these reinfect the routers?  If so, is there a simple way to isolate the non-defaults in the backups for manual reentry?

 

Dave

Model: WNR1000v2|Wireless Router|EOL
Message 47 of 59
Aspirant

Re: Security Advisory for VPNFilter Malware on Some Routers

I have an R7500v2 router and wanted to know if the R7000 on the list of affected devices is just the R7000 that is affected and not the entire 7000 series of routers.

Message 48 of 59
Aspirant

Re: Security Advisory for VPNFilter Malware on Some Routers

 
Message 49 of 59
Aspirant

Re: Security Advisory for VPNFilter Malware on Some Routers

I also tried a reset last night and although the power light went orange (it looked red but could have been orange) the router appeared to reset, or it could have just been a reboot. Light went dark then came back, white at first. As said above, none of my custom settings changed and I counted to 10+ seconds before removing the pen. I tried this twice. I went ahead and updated the firmware but was wondering if I should do the reset again? Thanks in advance.

Message 50 of 59