Security Notice - Statement on the Disclosure of Malware VPNFilter by the Cisco Talos Team
- SA No:huawei-sn-20180607-01-vpnfilter
- Initial Release Date: 2018-06-07
- Last Release Date: 2018-06-08
Huawei has noticed that the Cisco Talos team reported malware VPNFilter on its blog website, indicating that VPNFilter was continuously infecting routers from multiple vendors and mentioning Huawei HG8245 product. Huawei promptly communicated with the Cisco Talos team. The Cisco Talos team has confirmed that they have not detected attack traffic against the HG8245 up to now, and Huawei is not aware of any live network attack of this malware.
We suggest taking the following measures to enhance device security:
(1) Change default passwords.
(2) Disable unnecessary WAN ports exposed to the Internet.
Related investigation is still ongoing. Huawei PSIRT may update the security notice anytime and will provide technical analysis and conclusion as soon as possible. Please stay tuned.
2018-06-08 UPDATE Update the "Security Notice" description.
2018-06-07 INITIAL
Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism.
To enjoy Huawei PSIRT services and obtain Huawei product vulnerability information, please visit http://www.huawei.com/en/psirt.
To report a security vulnerability in Huawei products and solutions, please send it to PSIRT@huawei.com. For details, please visit http://www.huawei.com/en/psirt/report-vulnerabilities.
Customers should contact Huawei TAC (Huawei Technical Assistance Center) to get necessary support for product security vulnerabilities. For TAC contact information, please refer to Huawei worldwide website at: http://www.huawei.com/en/psirt/report-vulnerabilities.
