All the routers affected by VPNFilter malware

In May, Symantec warned about new malware, known as VPNFilter, which targets routers and network-attached storage devices.

VPNFilter can knock out and kill infected devices, and unlike most IoT threats, it can survive a reboot.

VPNFilter has various malicious capabilities, which include spying on traffic routed through the device.

“Its creators appear to have a particular interest in SCADA industrial control systems, creating a module which specifically intercepts Modbus SCADA communications,” said Symantec.

The good news is that the malware does not appear to scan and indiscriminately infect every vulnerable device.


Cisco Talos recently discovered that VPNFilter was targeting more routers and NAS devices than initially thought, and has additional capabilities.

It said VPNFilter is capable of infecting enterprise and small office and home office routers from ASUS, D-Link, Huawei, Linksys, MikroTik, Netgear, TP-Link, Ubiquiti, Upvel, and ZTE.

The malware can also infect, and make it possible to attack, QNAP NAS devices.

Devices affected by VPNFilter

ASUS: RT-AC66U, RT-N10, RT-N10E, RT-N10U, RT-N56U, RT-N66U

D-Link: DES-1210-08P, DIR-300, DIR-300A, DSR-250N, DSR-500N, DSR-1000, DSR-1000N

Linksys: E1200, E2500, E3000, E3200, E4200, RV082, WRVS4400N

TP-Link: R600VPN, TL-WR741ND, TL-WR841N

Huawei: HG8245

Ubiquiti: NSM2, PBE M5

ZTE: ZXHN H108N

Upvel: unknown models

QNAP: TS251, TS439 Pro, other QNAP NAS devices running QTS software

MikroTik: CCR1009, CCR1016, CCR1036, CCR1072, CRS109, CRS112, CRS125, RB411, RB450, RB750, RB911, RB921, RB941, RB951, RB952, RB960, RB962, RB1100, RB1200, RB2011, RB3011, RB Groove, RB Omnitik, STX5

Netgear: DG834, DGN1000, DGN2200, DGN3500, FVS318N, MBRN3000, R6400, R7000, R8000, WNR1000, WNR2000, WNR2200, WNR4000, WNDR3700, WNDR4000, WNDR4300, WNDR4300-TN, UTM50

What owners should do

If you own one of these devices, you should immediately reboot it. This will temporarily remove the destructive component of VPNFilter.

However, if infected, the continuing presence of the malware means the full VPNFilter can be reinstalled by attackers.

Performing a hard reset of the device, which restores factory settings, should wipe it clean and remove all traces of the malware.

Users should also apply the latest available patches to affected devices and ensure that none use default credentials.

Netgear advised its customers to change default passwords and ensure that remote management is turned off.
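For anyone managing more than a handful of devices, the first step is finding out which ones are on the list above. The script below is an added example, not code from Symantec, Cisco Talos or any vendor, and it checks an asset inventory against the models named in this article. The CSV layout, the host names and the "review" status (used for hardware variants whose model string starts with a listed name, and for the open-ended Upvel and QNAP entries) are assumptions made for the illustration.

```python
import csv
import io
import re

def norm(text):
    """Upper-case and drop punctuation so 'TS-251' equals 'TS251'."""
    return re.sub(r"[^A-Z0-9]", "", text.upper())

# Models as listed in the article, keyed by normalised vendor name.
_LISTED = {
    "ASUS": "RT-AC66U,RT-N10,RT-N10E,RT-N10U,RT-N56U,RT-N66U",
    "DLINK": "DES-1210-08P,DIR-300,DIR-300A,DSR-250N,DSR-500N,DSR-1000,DSR-1000N",
    "HUAWEI": "HG8245", "QNAP": "TS251,TS439 Pro",
    "LINKSYS": "E1200,E2500,E3000,E3200,E4200,RV082,WRVS4400N",
    "MIKROTIK": "CCR1009,CCR1016,CCR1036,CCR1072,CRS109,CRS112,CRS125,RB411,"
                "RB450,RB750,RB911,RB921,RB941,RB951,RB952,RB960,RB962,RB1100,"
                "RB1200,RB2011,RB3011,RB Groove,RB Omnitik,STX5",
    "NETGEAR": "DG834,DGN1000,DGN2200,DGN3500,FVS318N,MBRN3000,R6400,R7000,"
               "R8000,WNR1000,WNR2000,WNR2200,WNR4000,WNDR3700,WNDR4000,"
               "WNDR4300,WNDR4300-TN,UTM50",
    "TPLINK": "R600VPN,TL-WR741ND,TL-WR841N",
    "UBIQUITI": "NSM2,PBE M5", "UPVEL": "", "ZTE": "ZXHN H108N",
}
AFFECTED = {v: {norm(m) for m in s.split(",") if m} for v, s in _LISTED.items()}
# The article lists these vendors open-endedly (unknown models / other QTS devices).
CATCH_ALL = {"QNAP", "UPVEL"}

def classify(vendor, model):
    v, m = norm(vendor), norm(model)
    if v not in AFFECTED:
        return "not-listed"
    if m in AFFECTED[v]:
        return "listed"
    # Assumption: a model string that merely starts with a listed name (a
    # hardware variant) gets a manual look, as does any catch-all vendor.
    if v in CATCH_ALL or any(m.startswith(x) for x in AFFECTED[v]):
        return "review"
    return "not-listed"

def triage(inventory_csv):
    """Map host -> status for every row that is 'listed' or 'review'."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    hits = {r["host"]: classify(r["vendor"], r["model"]) for r in rows}
    return {h: s for h, s in hits.items() if s != "not-listed"}

# Constructed sample inventory; hosts and devices are made up.
SAMPLE = ("host,vendor,model\nedge-1,NETGEAR,R7000\nbranch-ap,MikroTik,RB951Ui-2HnD\n"
          "nas-1,QNAP,TS-453A\nlab-sw,D-Link,des-1210-08p\ncore-1,Cisco,ISR4331\n")
print(triage(SAMPLE))
```

Devices reported as "listed" are the ones to reboot, factory-reset, patch and re-credential as described above; "review" entries need a person to confirm the exact model.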
