Zyxel Firewalls Hacked by Mirai Botnet
securityweek

A Mirai botnet variant has been exploiting a recently patched vulnerability tracked as CVE-2023-28771 to hack many Zyxel firewalls.
The Taiwan-based networking device manufacturer informed customers about the security hole on April 25, when it announced the availability of patches for impacted ATP, VPN, USG Flex and ZyWALL/USG firewalls.
The OS command injection vulnerability, found by Trapa Security, is caused by improper error message handling in some firewalls, and it could allow an unauthenticated attacker to remotely execute OS commands by sending specially crafted packets to the targeted device.
By mid-May, security experts reported reproducing the exploit, and Rapid7 warned a few days later that it would likely end up being exploited in the wild.
Rapid7 said it had seen 42,000 instances of internet-exposed Zyxel device web interfaces, but noted ...
Copyright of this story solely belongs to securityweek.