Critical Zyxel vulnerability is being actively exploited

A critical vulnerability in Zyxel network devices is currently being actively exploited. A second, separate flaw has also recently been found in the manufacturer's NAS devices.

The critical vulnerability in several Zyxel network devices, tracked as CVE-2023-28771, has been known and patched since late April. In the devices' default configuration it allows an unauthenticated remote attacker to achieve remote code execution by sending a specially crafted IKEv2 packet to UDP port 500; no login or VPN credentials are required.

The vulnerability affects the following Zyxel models and ZLD firmware versions: ATP ZLD V4.60 to V5.35, USG FLEX ZLD V4.60 to V5.35, VPN ZLD V4.60 to V5.35, and ZyWALL/USG ZLD V4.60 to V4.73. Zyxel's fixed releases are ZLD V5.36 for the ATP, USG FLEX and VPN lines and ZLD V4.73 Patch 1 for ZyWALL/USG, so a ZyWALL/USG device on plain V4.73 is still vulnerable.
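As an added example (not code from the article or from Zyxel), the following Python script turns the affected ranges above into an inventory triage check. It parses ZLD version strings, including the optional "Patch N" suffix, and flags devices that still need the update. The fixed releases it encodes (ZLD V5.36 for ATP, USG FLEX and VPN, ZLD V4.73 Patch 1 for ZyWALL/USG) come from Zyxel's advisory for CVE-2023-28771 rather than from the article; the sample inventory, hostnames and "XXXX" build tags are constructed placeholders.

```python
import re

# Affected ZLD firmware ranges (inclusive) as listed in the article, keyed by
# product series: (lowest affected major.minor, highest affected major.minor).
AFFECTED_RANGES = {
    "ATP": ((4, 60), (5, 35)),
    "USG FLEX": ((4, 60), (5, 35)),
    "VPN": ((4, 60), (5, 35)),
    "ZyWALL/USG": ((4, 60), (4, 73)),
}

# First fixed release per series as (major, minor, patch_level). Taken from
# Zyxel's advisory for CVE-2023-28771, not from the article (assumption).
FIXED_VERSIONS = {
    "ATP": (5, 36, 0),
    "USG FLEX": (5, 36, 0),
    "VPN": (5, 36, 0),
    "ZyWALL/USG": (4, 73, 1),
}

# ZLD version strings look like "V5.35(ABCD.0)" or "V4.73(ABCD.0) Patch 1":
# a V prefix, major.minor, an optional parenthesised build tag and an optional
# patch level. The build tag is ignored for comparison purposes.
_ZLD_VERSION = re.compile(
    r"^\s*V?(\d+)\.(\d+)(?:\s*\([^)]*\))?(?:\s*Patch\s*(\d+))?\s*$",
    re.IGNORECASE,
)


def parse_zld_version(text):
    """Return (major, minor, patch_level) for a ZLD version string."""
    m = _ZLD_VERSION.match(text)
    if not m:
        raise ValueError(f"unrecognised ZLD version string: {text!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def is_affected(series, version):
    """True if a device of this series running this version is vulnerable."""
    if series not in AFFECTED_RANGES:
        raise ValueError(f"unknown product series: {series!r}")
    v = parse_zld_version(version)
    low, high = AFFECTED_RANGES[series]
    in_range = low <= (v[0], v[1]) <= high
    # A patch level sorts above the unpatched base release, so V4.73 Patch 1
    # compares greater than V4.73 and is reported as not affected.
    return in_range and v < FIXED_VERSIONS[series]


def triage(inventory):
    """Return [(host, affected_bool), ...] for a list of device records."""
    return [(d["host"], is_affected(d["series"], d["version"])) for d in inventory]


# Constructed sample inventory: hostnames and the "XXXX" build tags are
# placeholders, not real devices or real Zyxel build identifiers.
SAMPLE_INVENTORY = [
    {"host": "fw-edge-1", "series": "USG FLEX", "version": "V5.35(XXXX.0)"},
    {"host": "fw-edge-2", "series": "USG FLEX", "version": "V5.36(XXXX.0)"},
    {"host": "fw-branch", "series": "ZyWALL/USG", "version": "V4.73(XXXX.0)"},
    {"host": "fw-lab", "series": "ZyWALL/USG", "version": "V4.73(XXXX.0) Patch 1"},
    {"host": "fw-legacy", "series": "VPN", "version": "V4.59(XXXX.0)"},
]


if __name__ == "__main__":
    for host, affected in triage(SAMPLE_INVENTORY):
        print(f"{host}: {'PATCH NOW' if affected else 'not affected'}")
```

The product series is taken from the inventory record rather than guessed from the model name, because Zyxel model numbers do not map cleanly onto the four firmware lines; keep that field accurate in whatever asset list feeds this script.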

Active exploitation

The vulnerability is now being actively exploited. According to Shadowserver, it is being abused by, among others, a Mirai-like botnet. The U.S. cyber security agency CISA, which has added CVE-2023-28771 to its Known Exploited Vulnerabilities catalog, and security specialist Rapid7 have also confirmed active exploitation.

Patches should be installed as soon as possible. Because the flaw is present in the default configuration and is triggered by traffic to UDP port 500, any unpatched device whose WAN interface is reachable from the internet should be treated as exposed.

New vulnerability

In addition, security specialist Sternum recently discovered a critical vulnerability in Zyxel NAS devices as well. It affects the Linux-based Zyxel NAS326, NAS540 and NAS542 storage devices with firmware version 5.21.

The flaw lies in the device's clock-update function: by manipulating the request that sets the internal clock, an authenticated user can execute arbitrary commands with root privileges on the device. An attacker who already holds valid credentials can use this, for example, to install malware on the device remotely.

Again, a patch is available and users are encouraged to install it as soon as possible.

Also read: Rapid7 discovers critical vulnerability in Zyxel firewalls