Security advisory for the VPNFilter malware

 

CVE: N/A

 

Summary

There’s currently no report indicating that Zyxel devices are vulnerable to the VPNFilter malware or the seven additional third-stage VPNFilter modules discovered recently. However, because VPNFilter is targeting networking devices with known vulnerabilities, we urge all users to upgrade their devices to the latest available firmware for optimal protection.

 

What’s the vulnerability?

According to a disclosure by Cisco Talos in May, a piece of malware called VPNFilter was targeting networking devices by exploiting either their default credentials or known vulnerabilities. Seven new exploitation modules of the malware were reported in September. After a successful initial attack, an affected device downloads malicious code onto its system remotely from the command and control server.

 

What products are vulnerable?

There’s currently no evidence suggesting that Zyxel products are vulnerable to VPNFilter or its new exploitation modules, and we haven’t received any report – from a customer, researcher, or other party – of the vulnerability affecting any Zyxel device.

 

What should you do?

  • Ensure your devices are running the latest available firmware.
  • Change the default password as soon as you log in to a new device for the first time.
  • Use strong, unique passwords for every device and change them regularly.
  • Don't enable remote access unless it's absolutely necessary.

 

Got a question or a tipoff?

Please contact your local service rep for further information or assistance. If you’ve found a vulnerability, we want to work with you to fix it – contact  security@zyxel.com.tw and we’ll get right back to you.

 

Acknowledgment

Cisco Talos 
https://blog.talosintelligence.com/2018/05/VPNFilter.html
https://blog.talosintelligence.com/2018/09/vpnfilter-part-3.html

 

Revision history

2018-05-25: Initial release
2018-10-01: Added reference to Cisco Talos’ further finding