I noticed in the Cisco Talos blog (https://blog.talosintelligence.com/2018/06/vpnfilter-update.html) today that Ubiquiti NSM2 and PBE M5 were listed as having been compromised by VPNFilter (the AirOS version was not listed). Not much of a concern given we typically reflash these devices pretty quickly, but I've been looking into whether OpenWrt (and by implication, AREDN) may be vulnerable. Thus far, most posts promote recent versions of OpenWrt and DD-WRT as a prophylactic measure, but I have not seen any comments explaining why these devices are not vulnerable. Does anyone have any actual knowledge regarding VPNFilter vulnerability in OpenWrt?
Thanks.
A secondary attack vector would have to be to attack some sort of exploit inside the system, such as poor GUI code or a flaw in a daemon (like the SSH daemon or the web server daemon). Newer versions of software USUALLY have fewer flaws, so this is why running the latest version is the default prophylactic response: if you close 3 vulnerabilities, they can't be used to install the flaw.