Xfinity plant
Xfinity globe
Community Forum

Sidecar router and VPNFilter malware

Contributor

Sidecar router and VPNFilter malware

So I see that my Xfinity Home sidecar router is a Netgear WNR1000, one of the models potentially affected by the VPNFilter malware. I haven't seen a post yet on the subject here specifically with regards to Xfinity Home routers, but since I don't have direct access to check/update the firmware on this router, what can I do to ensure the router isn't vulnerable? I rebooted it as soon as I learned it was part of the issue, but that isn't a long term solution. Is there an official Comcast position on this?

Tags (1)
Expert

Re: Sidecar router and VPNFilter malware

The router does not have access to the Internet, so there is no issue.

Contributor

Re: Sidecar router and VPNFilter malware

It definitely has access to the internet, that's the whole point of having the router rather than relying on cellular data only for connectivity isn't it? If you're speaking more of the fact that the sidecar router sits behind another router (which has not been listed as a compromised model... so far), sure, but it was directly connected to my cable modem by the tech for a period during installation of the security system and without being able to directly access the configuration myself I can't verify much else about it, and certainly not do a factory reset as recommended for this malware.

New Poster

Re: Sidecar router and VPNFilter malware

I too would like to hear an official response on that.  My guess on the response is that since the username and password are not default and also it most likely isn't directly ON the internet it's safe.  I would think for 99.9% of the setups, the comcast gateway is the actual firewall and the netgear is just working as a glorified access point.  I personally would rather be able to use my own wifi rather than mixing signals, worrying about if the home security people care about cyber security etc...   The devices use zigbee to communicate I believe so other than monitoring and remote access, what is the wifi used for? 

 

My network is corporate secured, has better range, signal, AP's, and even dual internet connectivity (my home security one is a 3rd!).  But instead I have a consumer grade Netgear router that may or may not be hacked acting as a rigged up wifi access point while junking up signal for me and the neighbors.

Highlighted
Regular Contributor

Re: Sidecar router and VPNFilter malware


@Brian-Indy wrote:

The devices use zigbee to communicate I believe so other than monitoring and remote access, what is the wifi used for?


It is used to communicate with the touch control panel and to communicate with the cameras.  As you already pointed out, the sensors are communicating with the panel via zigbee.

Problem Solver

Re: Sidecar router and VPNFilter malware

There is an official position, and it's marked the Answer on this thread:

 

https://forums.xfinity.com/t5/Anti-Virus-Software-Internet-Security/This-is-the-VPN-filter-malware-t...


"Sometimes the best way to learn something is by doing it wrong and looking at what you did." - Neil Gaiman
New Poster

Re: Sidecar router and VPNFilter malware

This device without question accesses the internet. This is from my firewall sitting on the other side of the sidecar router:

 

Screen Shot 2018-06-20 at 11.03.29 AM.png

 

I have actively disallowed the WNR and its friends from accessing any of my other VLANs as I do not control the Comcast devices, per se.