On May 23rd researchers at Cisco discovered an advanced malware, named VPNFilter, that targets routers and NAS devices in order to steal files, information, and examine network traffic as it flows through the device. More details can be found on the powersolution.com blog article titled ‘[ALERT] 500,000+ Consumer Routers Infected with VPNFilter Malware


Originally, VPNFilter was found to infect only 16 device models. Cisco has released new research indicating that VPNFilter can infect 71 different models. The updated list includes the following models:

Asus Devices:
RT-AC66U (new)
RT-N10 (new)
RT-N10E (new)
RT-N10U (new)
RT-N56U (new)
RT-N66U (new)
D-Link Devices:
DES-1210-08P (new)
DIR-300 (new)
DIR-300A (new)
DSR-250N (new)
DSR-500N (new)
DSR-1000 (new)
DSR-1000N (new)
Huawei Devices:
HG8245 (new)Linksys Devices:
E3000 (new)
E3200 (new)
E4200 (new)
RV082 (new)
Netgear Devices:
DG834 (new)
DGN1000 (new)
DGN3500 (new)
FVS318N (new)
MBRN3000 (new)
WNR2200 (new)
WNR4000 (new)
WNDR3700 (new)
WNDR4000 (new)
WNDR4300 (new)
WNDR4300-TN (new)
UTM50 (new)
QNAP Devices:
TS439 Pro
*Other QNAP NAS devices running QTS software
TP-Link Devices:
TL-WR741ND (new)
TL-WR841N (new)Ubiquiti Devices:
NSM2 (new)
PBE M5 (new)
UPVEL Devices:
Unknown Models (new)ZTE Devices:
ZXHN H108N (new)

If users can’t update their router’s firmware but would like to wipe the malware from their devices, instructions on how to safely remove the malware are available below. Removing VPNFilter from infected devices is quite a challenge, as this malware is one of two malware strains that can achieve boot persistence

How to remove VPNFilter and protect your router or NAS

To completely remove VPNFilter and protect your router from being infected again, you should follow these steps:

  1. Reset Router to Factory Defaults: Linksys * Netgear * QNAP * TP-Link * Asus * D-Link * Ubiquiti
  2. Upgrade to the latest firmware: Linksys * Netgear * TP-Link * Asus * D-Link * Ubiquiti
  3. Change the default admin passwordLinksys * Netgear * QNAP * TP-Link * Asus * D-Link * Ubiquiti
  4. Disable Remote Administration: Linksys * Netgear * QNAP * TP-Link * Asus * D-Link * Ubiquiti

Please note that resetting your router to factory defaults will remove all settings. You will then need to reconfigure the device from scratch. If this step seems too advanced, at a minimum, steps 2, 3, and 4 should be followed. At this time, it appears that a factory reset is the only way to completely remove the infection, as VPNFilter achieves boot persistence.

Advisories from router manufacturers regarding VPNFilter can be found at Linksys * Netgear * QNAP * TP-Link

How is your state of IT?

Call Us: (201) 493-1414
Our Awards:
IT Support NJ - Reputable highly rated Small Business IT services and tech support company in New Jersey - powersolution industry awards
IT support NJ - Reputable highly rated Small Business IT services and tech support company in New Jersey - powersolution IT industry awards
Scroll to Top