
VPNFilter Destructive Malware

DERoss
Apprentice

VPNFilter Destructive Malware

Windows 7

Netgear N300 Wireless Router Model WNR2000v5

Firmware V1.0.0.64 

GUI V1.0.0.204

 

US-CERT (an agency within the U.S. Department of Homeland Security) issued an advisory this morning regarding VPNFilter malware affecting networking equipment.  Links in that advisory lead to indications that Netgear routers -- including WNR2000 routers -- are among the devices vulnerable to that malware.  Can someone confirm that WNR2000 includes WNR2000v5?  If my router is indeed vulnerable, how soon will there be a firmware update? 

 

Model: WNR2000v5|N300 WiFi Router
Message 1 of 10

All Replies
johngm
NETGEAR Employee Retired

Re: VPNFilter Destructive Malware

This was posted earlier today in the Security Advisories section of the MyNETGEAR web.

 

VPN Filter Security Advisory

Message 2 of 10
martintechguy
Initiate

Re: VPNFilter Destructive Malware

And how is that ANY kind of answer to the question posted by DERoss?

 

Netgear's "Security Advisory for VPNFilter Malware on Some Routers" announcement (https://kb.netgear.com/000058814) says NOTHING about the WNR2000 model. It seems to ONLY address the "Wireless AC Router Nighthawk R7000" model.

 

As of this evening, https://www.symantec.com/blogs/threat-intelligence/vpnfilter-iot-malware lists a total of six vulnerable Netgear models.

 

Thus I wonder about johngm's supposed "expert" status.

Message 3 of 10
DERoss
Apprentice

Re: VPNFilter Destructive Malware

martintechguy is quite correct.  johngm replied with a link to a Web page that states "This article applies to:Wireless AC Router Nighthawk R7000 ".  My original message clearly stated that I was inquiring about a WNR2000v5.  Thus johngm's reply is not responsive. 
Message 4 of 10
DERoss
Apprentice

Re: VPNFilter Destructive Malware

According to arstechnica.com, Netgear WNR2000 routers are indeed affected by this.  I have a Netgear WNR2000v5.  Is Netgear WNR2000v5 included in the alert about Netgear WNR2000v? 

 

This is a simple question.  Please answer, but do not answer about a router that I do not have.  That is, do not answer about Wireless AC Router Nighthawk R7000. 

 

Model: WNR2000v5|N300 WiFi Router
Message 5 of 10
johngm
NETGEAR Employee Retired

Re: VPNFilter Destructive Malware

Sorry for the confusion.  Due to an archaic tagging system our security advisories have to be tagged to a "specific" product and we chose the Nighthawk router for that honor on this security advisory.  If you read the content of the attached advisory, you will clearly see that it lists the router you have as being impacted.  

 

I should have been clearer.  

 

VPNFilter Malware Security Advisory

 

Message 6 of 10
DERoss
Apprentice

Re: VPNFilter Destructive Malware

Thank you for your clarification. My settings were already according to your Web page's directions. I updated to Firmware Version V1.0.0.64 on 13 March 2018, before the VPNFilter alerts were published. Will there be a firmware update to address that malware?
Message 7 of 10
johngm
NETGEAR Employee Retired

Re: VPNFilter Destructive Malware

You should be all set with that FW revision.   In this case we were informed by a third party and law enforcement that some unknown number of our devices including but potentially not limited to a list we were given, had been corrupted by a known hacking organization.   We were not told anything more than that, other than a reboot would either clean the device or have it identify itself to a server which had been set up by the FBI as a honey pot.   Any devices which exhibited this behavior would be handled by the FBI.  

 

From what we could determine, we believe that our devices on current firmware releases, were probably not impacted but we simply did not have sufficient data to confirm this.   Our advice to our customers was to follow the best practices we have communicated, including changing default passwords, making sure remote management is disabled and having the product on the most recent firmware.  

 

By following the procedure outlined you probably reset an uninfected device, but we do have to rely upon the FBI to run down any units which this remediation did not address.

 

 

Message 8 of 10
DERoss
Apprentice

Re: VPNFilter Destructive Malware

Thank you. I am finally reassured that my router is okay. However, it took a month to finally get a response that addressed my very specific query.
Message 9 of 10
martintechguy
Initiate

Re: VPNFilter Destructive Malware

"You should be all set with that FW revision": Sheer guesswork, speculation, and avoidance of addressing the problem.

 

"We were...told...a reboot would...clean the device": Passing the buck, avoidance of independent thought and verification.

 

"From what we could determine, we believe that our devices on current firmware releases, were probably not impacted but we simply did not have sufficient data to confirm this": In other words, they don't have the slightest idea.

 

"Our advice to our customers was to follow the best practices we have communicated, including changing default passwords, making sure remote management is disabled and having the product on the most recent firmware": And if brushing your teeth could prevent you from getting hit by a car, then we should have a discussion about delusional and magical thinking.

 

DERoss please note: In my opinion johngm's response to you is COMPLETELY misleading. He did NOT give you anything concrete or specific, and clearly admitted that Netgear has done NO TESTING and has NO IDEA whether this router (or many others) are vulnerable or not vulnerable.

 

From everything I have read about this malware, IF your router is infected with this malware, rebooting it will NOT, will NOT, will NOT "clean" the device of the malware completely. Rebooting does clear SOME of it, but it is possible that the remaining portion which easily survives a reboot may fully re-infect it.

 

Thus you should NOT take ANY reassurance in such vague and incomplete statements, and therefore this issue is NOT "Resolved" at all. You should assume that your router is completely vulnerable to this malware until you specifically learn otherwise.

 

Since, as far as I can tell, Netgear has made zero effort to actually confirm any vulnerability to this malware in older routers like yours (and mine, since I have a WNR2000v2), and since they probably have no liability if they do get infected, in my opinion they therefore have zero financial incentive to lift a finger to help users like you or me.

Message 10 of 10