- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Re: VPNFilter Destructive Malware
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Windows 7
Netgear N300 Wireless Router Model WNR2000v5
Firmware V1.0.0.64
GUI V1.0.0.204
US-CERT (an agency within the U.S. Department of Homeland Security) issued an advisory this morning regarding VPNFilter malware affecting networking equipment. Links in that advisory lead to indications that Netgear routers -- including WNR2000 routers -- are among the devices vulnerable to that malware. Can someone confirm that WNR2000 includes WNR2000v5? If my router is indeed vulnerable, how soon will there be a firmware update?
Solved! Go to Solution.
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You should be all set with that FW revision. In this case we were informed by a third party and law enforcement that some unknown number of our devices including but potentially not limited to a list we were given, had been corrupted by a known hacking organization. We were not told anything more than that, other than a reboot would either clean the device or have it identify itself to a server which had been set up by the FBI as a honey pot. Any devices which exhibited this behavior would be handled by the FBI.
From what we could determine, we believe that our devices on current firmware releases, were probably not impacted but we simply did not have sufficient data to confirm this. Our advice to our customers was to follow the best practices we have communicated, including changing default passwords, making sure remote management is disabled and having the product on the most recent firmware.
By following the procedure outlined you probably reset an uninfected device, but we do have to rely upon the FBI to run down any units which this remediation did not address.
All Replies
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: VPNFilter Destructive Malware
This was posted earlier today in the Security Advisories section of the MyNETGEAR web.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: VPNFilter Destructive Malware
And how is that ANY kind of answer to the question posted by DERoss?
Netgear's "Security Advisory for VPNFilter Malware on Some Routers" announcement (https://kb.netgear.com/000058814) says NOTHING about the WNR2000 model. It seems to ONLY address the "Wireless AC Router Nighthawk R7000" model.
As of this evening, https://www.symantec.com/blogs/threat-intelligence/vpnfilter-iot-malware lists a total of six vulnerable Netgear models.
Thus I wonder about johngm's supposed "expert" status.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: VPNFilter Destructive Malware
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: VPNFilter Destructive Malware
According to arstechnica.com, Netgear WNR2000 routers are indeed affected by this. I have a Netgear WNR2000v5. Is Netgear WNR2000v5 included in the alert about Netgear WNR2000v?
This is a simple question. Please answer, but do not answer about a router that I do not have. That is, do not answer about Wireless AC Router Nighthawk R7000.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: VPNFilter Destructive Malware
Sorry for the confusion. Due to an archaic tagging system our security advisories have to be tagged to a "specific" product and we chose the Nighthawk router for that honor on this security advisory. If you read the content of the attached advisory, you will clearly see that it lists the router you have as being impacted.
I should have been clearer.
VPNFilter Malware Security Advisory
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: VPNFilter Destructive Malware
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You should be all set with that FW revision. In this case we were informed by a third party and law enforcement that some unknown number of our devices including but potentially not limited to a list we were given, had been corrupted by a known hacking organization. We were not told anything more than that, other than a reboot would either clean the device or have it identify itself to a server which had been set up by the FBI as a honey pot. Any devices which exhibited this behavior would be handled by the FBI.
From what we could determine, we believe that our devices on current firmware releases, were probably not impacted but we simply did not have sufficient data to confirm this. Our advice to our customers was to follow the best practices we have communicated, including changing default passwords, making sure remote management is disabled and having the product on the most recent firmware.
By following the procedure outlined you probably reset an uninfected device, but we do have to rely upon the FBI to run down any units which this remediation did not address.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: VPNFilter Destructive Malware
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: VPNFilter Destructive Malware
"You should be all set with that FW revision": Sheer guesswork, speculation, and avoidance of addressing the problem.
"We were...told...a reboot would...clean the device": Passing the buck, avoidance of independent thought and verification.
"From what we could determine, we believe that our devices on current firmware releases, were probably not impacted but we simply did not have sufficient data to confirm this": In other words, they don't have the slightest idea.
"Our advice to our customers was to follow the best practices we have communicated, including changing default passwords, making sure remote management is disabled and having the product on the most recent firmware": And if brushing your teeth could prevent you from getting hit by a car, then we should have a discussion about delusional and magical thinking.
DERoss please note: In my opinion johngm's reponse to you is COMPLETELY misleading. He did NOT give you anything concrete or specific, and clearly admitted that Netgear has done NO TESTING and has NO IDEA whether this router (or many others) are vulnerable or not vulnerable.
From everything I have read about this malware, IF your router is infected with this malware, rebooting it will NOT, will NOT, will NOT "clean" the device of the malware completely. Rebooting does clear SOME of it, but it is possible that the remaining portion which easily survives a reboot may fully re-infect it.
Thus you should NOT take ANY reassurance in such vague and incomplete statements, and therefore this issue is NOT "Resolved" at all. You should assume that your router is completely vulnerable to this malware until you specifically learn otherwise.
Since, as far as I can tell, Netgear has made zero effort to actually confirm any vulernability to this malware in older routers like yours (and mine, since I have a WNR2000v2), and since they probably have no liability if they do get infected, in my opinion they therefore have zero financial incentive to life a finger to help users like you or me.
• What is the difference between WiFi 6 and WiFi 7?
• Yes! WiFi 7 is backwards compatible with other Wifi devices? Learn more