Huawei zero-day attack behind last year’s crash of Luxembourg’s entire telecoms network
There is no evidence that the incident has recurred, but the flaw remains unexplained and has not been publicly acknowledged by the company.
An attack exploiting a previously unknown vulnerability in Huawei enterprise router software caused a nationwide telecoms outage in Luxembourg last year, according to multiple sources briefed on the matter, disrupting mobile, landline and emergency communications for more than three hours.
The vulnerability has never been publicly disclosed. No CVE identifier — used by cybersecurity professionals worldwide to track software flaws and protect their systems — has been filed in any public database in the ten months since the incident, and no public warning has been issued to other operators running the same equipment.
Paul Rausch, the head of communications at POST Luxembourg, the state-owned operator whose network failed, said the incident was a denial-of-service (DoS) attack targeting a network device. He confirmed it exploited “a non-public, non-documented behaviour, for which no patch was available at the time” and was “not related to the exploitation of any known or previously documented vulnerabilities.”
Source: https://therecord.media/huawei-zero-day-behind-last-year-luxembourg-telecom-outage
