How to know if your router may be infected by the VPNFilter virus

How to know if your router may be infected by the VPNFilter virus

Another danger stalks the network, infecting hundreds of routers around the world. This is VPNFilter, a new type of malware created by hacker groups of Russian origin, which has made even the FBI nervous. It was the United States police department that had to warn of the spread of the virus. VPNFilter has already infected more than 500,000 routers in 50 countries around the world, and its expansion appears to be far from slowing down. Will your router be among the infected?

The new malware was discovered about two weeks ago by security companies Cisco and Symantec. At first they thought that the main objective of VPNFilter was to infect routers, NAS or switches of small offices or homes to mount a huge botnet with the purpose of launching massive coordinated attacks on specific targets. Basically, it was believed to be a type of malware that would not endanger users' computers . The truth is that it seems that this is not quite so. It is now thought that this virus also aims to attack PCs around the world. Symantec and Cisco have found that this malware can also bypass SSL encryption, inject more malicious code into incoming traffic, and steal sensitive data such as passwords.

How to know if your router is among the infected

Experts say that VPNFilter is infecting routers around the world. Therefore, there is a small possibility that your device has been attacked, and this is something you have to keep in mind to take action. Next, we leave you the list of router models that have been affected by malware. Check if yours is among them.

Asus :

  • RT-AC66U
  • RT-N10
  • RT-N10E
  • RT-N10U
  • RT-N56U
  • RT-N66U

D-Link :

  • DES-1210-08P
  • DIR-300
  • DIR-300A
  • DSR-250N
  • DSR-500N
  • DSR-1000
  • DSR-1000N

Huawei :

  • HG8245

Linksys :

  • E1200
  • E2500
  • E3000
  • E3200
  • E4200
  • RV082
  • WRVS4400N

Mikrotik :

  • CCR1009
  • CCR1016
  • CCR1036
  • CCR1072
  • CRS109
  • CRS112
  • CRS125
  • RB411
  • RB450
  • RB750
  • RB911
  • RB921
  • RB941
  • RB951
  • RB952
  • RB960
  • RB962
  • RB1100
  • RB1200
  • RB2011
  • RB3011
  • RB Groove
  • RB Omnitik
  • STX5

Netgear :

  • DG834
  • DGN1000
  • DGN2200
  • DGN3500
  • FVS318N
  • MBRN3000
  • R6400
  • R7000
  • R8000
  • WNR1000
  • WNR2000
  • WNR2200
  • WNR4000
  • WNDR3700
  • WNDR4000
  • WNDR4300
  • WNDR4300-TN
  • UTM50


  • TS251
  • TS439 Pro
  • Other QNAP models running QTS software

TP-Link :

  • R600VPN
  • TL-WR741ND
  • TL-WR841N

Ubiquiti :

  • NSM2
  • PBE M5

Upvel :

  • Unknown models


  • ZXHN H108N


If your model is on this list and you think it may be infected, Symantec recommends restarting it immediately to prevent malware from blocking the router. This is a temporary solution, as VPNFilter would still have the power to infect you. Another thing you can do, while the manufacturer releases a firmware update, is to perform a hard reset that restores the router to factory settings. We recommend that you make a backup copy of all configuration settings and credentials before doing so, as they will be erased during the process.

The real danger of VPNFilter is to take control of your computer and obtain confidential information, such as passwords or bank accounts. In addition, among the infected routers there are very common brands in the homes of our country . ASUS, D-Link, Huawei or ZTE. As we say, at the moment there are about 500,000 affected routers in 50 countries around the world, so the figure is not what is said small.