Huawei Zero-Day Vulnerability Caused Luxembourg Telecom Outage

Written by: Lore Apostol, Cybersecurity Writer

Key Takeaways
  • Nationwide telecom outage: A zero-day vulnerability in Huawei enterprise routers reportedly disrupted Luxembourg's networks for over three hours.
  • Undocumented router flaw: Specially crafted network traffic forced POST Luxembourg infrastructure into a continuous restart loop.
  • Silent disclosure gap: Ten months later, no CVE identifier or public operator warning has been issued.

On July 23, 2025, an attack exploiting a previously unknown vulnerability in Huawei enterprise router software caused a nationwide telecommunications outage in Luxembourg. This zero-day incident severely disrupted mobile networks, landline connections, and critical emergency communications for more than three hours.

Malformed Traffic Triggers Restart Loop

Paul Rausch, head of communications at the state-owned operator POST Luxembourg, said the incident was a denial-of-service (DoS) attack targeting a network device. According to Rausch, the disruption exploited a non-public, non-documented behavior within the network hardware, and no patch was available at the time of the crash.

However, official investigators found no evidence that the attack specifically targeted POST Luxembourg. The country’s public prosecutor said an investigation revealed that the outage occurred as the corrupted data simply passed through the systems and “caused their systems to stop and reboot instead of simply relaying the data.”

The outage was caused by specially crafted network traffic that triggered the hardware failure. As this malicious data traversed the network, it sent the Huawei enterprise routers into a continuous restart loop, crashing critical infrastructure, according to Recorded Future News.

Missing Disclosures and European Response

Following the disruption, Luxembourg authorities and Huawei held technical meetings to understand the root cause of the network failure, according to Anne Jung, spokesperson for the High Commission for National Protection. Concurrently, Luxembourg cybersecurity authorities alerted partner incident response teams across Europe so they could monitor their own environments.

Despite these internal communications, a significant disclosure gap remains. Ten months after the incident, no CVE identifier has been filed in any public vulnerability database. Consequently, no public warning has been issued to other network operators utilizing the same Huawei equipment. 

This month, Google announced it detected the first potentially AI-generated zero-day exploit. In early April, reports indicated that APT28’s DNS hijacking targeted vulnerabilities in SOHO routers, affecting 200 organizations and 5,000 consumer devices globally.

