Huawei VRP router zero-day crashed Luxembourg's entire telecom network for 3+ hours (July 2025, disclosed now)

Recorded Future News has connected last summer's three-hour POST Luxembourg outage - which took down landline, 4G, and 5G networks across the country and left residents unable to dial emergency services - to a zero-day in Huawei enterprise routers running VRP. Specially crafted network traffic merely passing through the routers caused them to enter a continuous restart loop. Luxembourg's prosecutor concluded no one had targeted Luxembourg specifically; the data was just transit traffic. Huawei has not assigned a CVE for the bug and distributes its enterprise advisories through a restricted customer portal rather than publishing them, leaving operators with little ability to track exposure.

Check
Inventory Huawei VRP-based routers (NetEngine, AR series, CloudEngine) and software versions. Confirm direct access to Huawei's restricted customer portal so you receive enterprise advisories.
Affected
Huawei enterprise routers running VRP that process untrusted internet traffic. Service providers are most exposed; downstream enterprise customers face transit risk.
Fix
Apply the latest Huawei VRP updates via your customer portal. Where possible, deploy multi-vendor diversity at network borders so a single buggy product cannot take down your entire WAN.
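
A sketch of the Check and Fix steps above, added here as an example and not taken from the article or from Huawei: it extracts the VRP version from collected `display version` banners and lists sites whose border routers all come from one vendor. The inventory rows, hostnames, roles and the banner layout the regex expects are constructed assumptions.

```python
import re
from collections import defaultdict

# Banner line printed by `display version` on VRP; layout is an assumption.
VRP_RE = re.compile(r"VRP \(R\) software, Version (\S+) \((\S+) (V\d+R\d+C\d+\S*)\)")

# Constructed inventory: (hostname, site, role, vendor, captured banner).
INVENTORY = [
    ("bdr-a1", "site-a", "border", "huawei",
     "Huawei Versatile Routing Platform Software\n"
     "VRP (R) software, Version 8.180 (NE40E V800R010C10SPC500)"),
    ("bdr-a2", "site-a", "border", "huawei",
     "VRP (R) software, Version 8.180 (NE40E V800R010C10SPC500)"),
    ("bdr-b1", "site-b", "border", "huawei",
     "VRP (R) software, Version 5.170 (AR2200 V200R009C00SPC500)"),
    ("bdr-b2", "site-b", "border", "other-vendor", "Example OS 1.0"),
    ("acc-a1", "site-a", "access", "huawei", "banner capture failed"),
]

def parse_vrp(banner):
    """Return (vrp_version, platform, release) or None if not a VRP banner."""
    m = VRP_RE.search(banner)
    return m.groups() if m else None

def vrp_inventory(rows):
    """Map hostname -> parsed VRP tuple; Huawei hosts with no parse map to None."""
    out = {}
    for host, _site, _role, vendor, banner in rows:
        parsed = parse_vrp(banner)
        if parsed or vendor == "huawei":
            out[host] = parsed
    return out

def single_vendor_borders(rows):
    """Sites whose border routers all come from one vendor (no diversity)."""
    vendors = defaultdict(set)
    for _host, site, role, vendor, _banner in rows:
        if role == "border":
            vendors[site].add(vendor)
    return sorted(s for s, v in vendors.items() if len(v) == 1)

if __name__ == "__main__":
    for host, info in sorted(vrp_inventory(INVENTORY).items()):
        print(host, info or "VERSION UNKNOWN: re-collect")
    print("single-vendor border sites:", single_vendor_borders(INVENTORY))
```

Hosts that map to `None` are Huawei devices whose version could not be read and need re-collection before the inventory can be compared against a portal advisory.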