VPNFilter Malware & Medialink Routers

Image: Talos Intelligence

[Updated Wednesday June 6, 2018]

Here’s the bottom line:

Medialink routers are not known to be vulnerable to this new threat called VPNFilter. You do not need to update your firmware. Your router is (currently) safe from this attack.

Here’s what the FBI wants you to do to help them:

Reboot your router. Unplug the power and plug it back in. That’s it!

When you reboot (aka power cycle) your router, you interrupt the running VPNFilter malware process. This helps the FBI understand which devices are under attack, because they will be able to see the new traffic as the router powers back on and the malware reconnects. But again, Medialink routers are not currently targeted by this threat. By power cycling your router, you are just helping to confirm that Medialink routers are not being targeted.

What is VPNFilter anyway?

VPNFilter is the latest security threat to consumer routers in the US and all over the world. The threat is believed to come from Russia and its purpose is to steal your data. The people behind this malicious software are trying to implant their software in your home router and capture all of your sensitive data as it flows from your home out to the internet. Cisco was the first to identify the threat and has done extensive research regarding the implications of the malware. According to Cisco, this threat appears to be ever-growing and more and more devices are being targeted. We will act swiftly and accordingly if we discover the software is targeting Medialink routers.

The full list of devices targeted by VPNFilter malware is currently as follows:

Asus Devices:
RT-AC66U (new)
RT-N10 (new)
RT-N10E (new)
RT-N10U (new)
RT-N56U (new)
RT-N66U (new)

D-Link Devices:
DES-1210-08P (new)
DIR-300 (new)
DIR-300A (new)
DSR-250N (new)
DSR-500N (new)
DSR-1000 (new)
DSR-1000N (new)

Huawei Devices:
HG8245 (new)

Linksys Devices:
E3000 (new)
E3200 (new)
E4200 (new)
RV082 (new)

Mikrotik Devices:
CCR1009 (new)
CRS109 (new)
CRS112 (new)
CRS125 (new)
RB411 (new)
RB450 (new)
RB750 (new)
RB911 (new)
RB921 (new)
RB941 (new)
RB951 (new)
RB952 (new)
RB960 (new)
RB962 (new)
RB1100 (new)
RB1200 (new)
RB2011 (new)
RB3011 (new)
RB Groove (new)
RB Omnitik (new)
STX5 (new)

Netgear Devices:
DG834 (new)
DGN1000 (new)
DGN3500 (new)
FVS318N (new)
MBRN3000 (new)
WNR2200 (new)
WNR4000 (new)
WNDR3700 (new)
WNDR4000 (new)
WNDR4300 (new)
WNDR4300-TN (new)
UTM50 (new)

QNAP Devices:
TS439 Pro
Other QNAP NAS devices running QTS software

TP-Link Devices:
TL-WR741ND (new)
TL-WR841N (new)

Ubiquiti Devices:
NSM2 (new)
PBE M5 (new)

UPVEL Devices:
Unknown Models (new)

ZTE Devices:
ZXHN H108N (new)

The full list of devices can be found in Cisco’s reported findings here. 

Still not quite comfortable?

The way to get rid of the malware is to perform a factory reset on the router. It is nearly impossible to tell if your router is affected, so to be safe, the FBI recommends that you factory reset your router. Medialink routers are equipped with either a pinhole reset button or a raised reset button that can be held for 10 seconds to perform the reset. After the reset, you will have to reconfigure your router: the connection to the internet may need to be reestablished, and you will have to change the WiFi name and password back to your normal choices. For steps to reconfigure your router after a reset, please email us at support@mediabridgeproducts.com and be sure to include your router’s model number, found on the sticker on the bottom or the back of the router.

Medialink Router Models: