Active Mirai Botnet Variant Exploiting Zyxel Devices for DDoS Attacks
Jun 01, 2023
Network Security / Exploit
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw in Zyxel gear to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

Tracked as CVE-2023-28771 (CVSS score: 9.8), the issue relates to a command injection flaw impacting different firewall models that could enable an unauthenticated attacker to execute arbitrary code by sending a specially crafted packet to the device.

Zyxel addressed the security defect as part of updates released on April 25, 2023. The list of impacted devices is below:

- ATP (versions ZLD V4.60 to V5.35, patched in ZLD V5.36)
- USG FLEX (versions ZLD V4.60 to V5.35, patched in ZLD V5.36)
- VPN (versions ZLD V4.60 to V5.35, patched in ZLD V5.36)
- ZyWALL/USG (versions ZLD V4.60 to V4.73, patched in ZLD V4.73 Patch 1)

The Shadowserver Foundation, in a recent tweet, said the flaw is "being actively exploited to build a Mirai-like botnet" since M