LMi.net is constantly watching for potential security risks on the internet to ensure that our network and the networks of our customers remain secure. Recent news coverage has brought to light a piece of malicious software known as VPNFilter that specifically targets routers and network-attached storage (NAS) devices, unlike most malware, which typically targets end-user devices like your desktop or laptop.
The exact nature of the initial exploit and vulnerability is not fully understood at this time, and because the threat is wide-reaching and uncertain, the FBI and other intelligence agencies have advised specific actions. They advise rebooting your router or NAS (or simply shutting it off and turning it back on) to break any current connection. If the router has not been updated, or the device still uses its insecure default credentials, it is best to factory reset the device, perform any available firmware updates, and change the administrative credentials.
Not all devices are affected. This exploit was intended to target specific models from specific manufacturers to ensure the widest reach possible while targeting as few devices as possible. As such, the following manufacturers were found to be affected: Linksys, MikroTik, Netgear, and TP-Link, as well as QNAP network-attached storage (NAS) devices.
Specifically, these models were affected:
- Linksys E1200
- Linksys E2500
- Linksys WRVS4400N
- MikroTik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
- Netgear DGN2200
- Netgear R6400
- Netgear R7000
- Netgear R8000
- Netgear WNR1000
- Netgear WNR2000
- QNAP TS251
- QNAP TS439 Pro
- Other QNAP NAS devices running QTS software
- TP-Link R600VPN
If you are currently using any of the above devices, please ensure that you, at the very least, reboot your device. This will remove any of the more involved malicious software which could potentially render the device unusable or steal your information. The safest route from there is to factory reset the device, apply any updates, and change the administrative credentials.
LMi.net has provided Netgear routers in the past, and we are currently performing an audit and sweep to ensure that customers who may be affected are aware of the situation, and to assist them in taking the necessary steps to ensure the security and well-being of all of our customers. The devices that we currently provide, specifically our SmartRG and Zyxel devices, are not known to be affected. There have been no cases of these devices being compromised as of yet, but we will remain vigilant and, if any new information comes to light, take the appropriate action. Nonetheless, it is not harmful to reboot the device to be safe, though a full reset of the device is unnecessary at this time.
If you have a Netgear router and would like to secure it on your own, you can perform the following steps:
We will provide new updates and any necessary actions as we continue to observe the situation. If we find that you are currently using a device affected by this malware, we will be in contact soon. If you would like to contact us, please do not hesitate; we want to ensure our customers' safety and security.