VPNFilter - Peplink

Does VPNFilter impact Peplink version 7.1 firmware?

2 Likes

The article does not explain how the devices are initially exploited…

“At the time of this publication, we do not have definitive proof on how the threat actor is exploiting the affected devices. However, all of the affected makes/models that we have uncovered had well-known, public vulnerabilities. Since advanced threat actors tend to only use the minimum resources necessary to accomplish their goals, we assess with high confidence that VPNFilter required no zero-day exploitation techniques.”

I would suggest it unlikely Peplink devices are affected since there are no known Peplink exploits that have not been patched by the latest firmware release.

Keeping your devices on the latest firmware is the best advice against this potential malware, and once the attack vector has been discovered, the Peplink team will comment on that specifically, I’m sure.

2 Likes

Update here: FBI tells router users to reboot now to kill malware infecting 500k devices | Ars Technica

3 Likes

Thanks Martin for the notes. Until now there is no indication that Peplink devices are affected, but our security team will continue to monitor this threat and its latest development.

3 Likes

Thanks guys.

Is there anything more recent on this with respect to Peplink devices?

@ejdc

Our security team is still monitoring this.

You can check the latest info at the URL below:

1 Like

Forgive this noob question but I was reading that blog and where it says

“The x86 version of the dstr module was analyzed in-depth. This module first deleted itself from the disk and then stops the execution of the parent Stage 2 process. It will then search all running process for ones named vpnfilter, security, and tor and terminate them. Next, it explicitly deletes the following files and directories:”

I looked for all those directories and files but I couldn’t find any. Should I be worried?

PS. (off topic) I read somewhere that the rule on the SOHO that prevents DDoS and a whole list of other vulnerabilities is automatically set to ‘On’ in Firmware 7.1.0.

I have that firmware and still had to activate it manually.

Edit: Sorry, is this in the Balance forum? I thought it was in the SOHO forum as the exploit mentions SOHO.