HP has issued a warning to customers after it shipped a string of ProCurve 5400 zl switches with malware-infected compact flash cards.
The infected cards did not pose problems for the switch itself.
HP issued a security advisory that the malware was only a risk if the storage card was removed from the switch and reused in a different device, such as a personal computer.
According to HP, the flash card is the "primary non-volatile storage medium located on the [switch's] management module that contains both the boot software and configuration files".
It is removable, for example, in the event that the card fails.
Users can purge the malware by running a script used on the HP switch manager which the company said will not disrupt operations of the switch. Alternatively the management module can be replaced.
A list of vulnerable models was available on the advisory.
In 2008, AusCERT warned that low-risk malware was shipped on USB drives by HP Australia for its ProLiant servers.