Security Advisory for D-Link devices that may be vulnerable to VPNFilter Malware

13 June, 2018

Talos Intelligence (“Talos”) recently reported that a malware known as VPNFilter could render IoT devices vulnerable. On June 5, 2018, it was disclosed that the following D-Link products might be affected:

  • DES-1210-08P
  • DIR-300
  • DIR-300A
  • DSR-250N
  • DSR-500N
  • DSR-1000
  • DSR-1000N

D-Link appreciates Talos for making the above disclosure and is taking this report seriously. D-Link began diligently investigating the nature of the malware and its potential threats to our customers. Our initial investigation indicates that the VPNFilter malware may target known vulnerabilities/exploits, of which D-Link has already released firmwares addressing them. 

To help protect your D-Link devices from the VPNFilter malware, we recommend users take the following precautionary steps:

  1. Reboot your device by either powering/switching off the device for 10 seconds before powering back on, or thought the web-configuration. 
  2. Check and make sure that your devices installed with the latest firmware which can be downloaded from the D-Link support website ( 
  3. Perform a factory reset by pressing down the “Reset” button on your device for more than 10 seconds. 
  4. Make sure you set a unique admin password that consists of numbers, letters and special characters. Do not leave the admin password as the default password.
  5. Disable remote management function on your device. 

As this is an ongoing investigation, D-Link will update with further information as soon as it becomes available.