Based on the information from multiple sources, routers from Linksys, MikroTik, Netgear, and TP-Link, as well as QNAP network-attached storage (NAS) devices are vulnerable to this malware.
Based on information from
Symantec, vulnerable models include, but are not limited to:
- Linksys E1200
- Linksys E2500
- Linksys WRVS4400N
- Mikrotik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
- Netgear DGN2200
- Netgear R6400
- Netgear R7000
- Netgear R8000
- Netgear WNR1000
- Netgear WNR2000
- QNAP TS251
- QNAP TS439 Pro
- Other QNAP NAS devices running QTS software
- TP-Link R600VPN
To find possible vulnerable devices in your network. You can run the report below to get an overview of all routers and NAS devices of the known affected manufacturers. We recommend rebooting the devices and updating to the latest firmware version.
Instructions on how to run this report in Lansweeper can be found
here.Select Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Description,
tblAssets.IPAddress,
tsysIPLocations.IPLocation,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tblAssets.Lastseen,
tblAssets.Lasttried
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tsysIPLocations On tsysIPLocations.LocationID =
tblAssets.LocationID
Inner Join tblState On tblState.State = tblAssetCustom.State
Where (tblAssetCustom.Manufacturer In ('Linksys', 'Mikrotik', 'Netgear',
'TP-Link') And tsysAssetTypes.AssetTypename = 'Router') Or
(tblAssetCustom.Manufacturer Like '%QNAP%' And tsysAssetTypes.AssetTypename =
'NAS')
Order By tblAssets.AssetName