06-07-2018 12:50 PM
There has been a lot of discussion today on the recently-revealed VPNFilter malware and how it may impact airOS/airMAX.
airOS v6.1.3 and v8.4.3, both 6 months or more old, have been verified as protected against this.
We did not check further back, but it is likely other older releases in these release lines are also protected. This attack also cannot install itself if you follow general good security practice - complex login credentials, non publicly accessible devices, disabling unused services, etc.
We are contacting the originators of this report as their research is inaccurate; it relies on using outdated versions of airOS software with inadequate security configurations, and then doesn't specify that in the report itself, which is misleading.
TL;DR: if you are using v6.1.3/v8.4.3 or later you are protected, but make sure you are also using general good network security practices. Upgrade to the latest firmware and always review and use current good network and device security practices.