Endpoint/Device Security, Vulnerability Management

Attacks exploiting critical Zyxel vulnerability underway

BleepingComputer reports that Rapid7 has confirmed ongoing attacks leveraging a critical command injection vulnerability, tracked as CVE-2023-28771, that impacts several Zyxel firewall and VPN devices. Affected Zyxel devices include ATP ZLD V4.60 to V5.35, VPN ZLD V4.60 to V5.35, USG FLEX ZLD V4.60 to V5.35, and ZyWALL/USG ZLD V4.60 to V4.73. Shadowserver researchers initially reported that the flaw, which Zyxel patched in April, has been used in attacks aimed at building a Mirai-like botnet since May 26. Meanwhile, the utilization of a publicly available proof-of-concept exploit by cybersecurity researcher Kevin Beaumont a day earlier suggests that more powerful attacks using the flaw are possible. The ongoing attacks have prompted the Cybersecurity and Infrastructure Security Agency to add CVE-2023-28771 to its Known Exploited Vulnerabilities catalog and to urge federal agencies to apply the available patches by June 21. Aside from the actively exploited flaw, Zyxel has also recently addressed the critical CVE-2023-33009 and CVE-2023-33010 vulnerabilities.
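For vulnerability-management teams, the practical first step is to check a device inventory against the affected ZLD firmware ranges quoted above. The following Python script is an added example, not code from SC Media, BleepingComputer or Zyxel: it parses ZLD version strings numerically (string comparison is unreliable once a component has more than one digit), compares them against the inclusive ranges from the brief, and flags hosts that fall inside them. The hostnames, the `(ABCD.0)` build suffix and the inventory rows are constructed for the example, and because the brief does not name the fixed firmware versions, anything outside the listed ranges is reported as "not_in_listed_range" rather than "patched".

```python
import re
from typing import NamedTuple, Optional

# Inclusive affected ZLD ranges per model line, as quoted in the brief.
# Fixed versions are not stated in the brief, so this table only answers
# "is this version inside a listed affected range?".
AFFECTED_RANGES = {
    "ATP": ((4, 60), (5, 35)),
    "VPN": ((4, 60), (5, 35)),
    "USG FLEX": ((4, 60), (5, 35)),
    "ZyWALL/USG": ((4, 60), (4, 73)),
}

# Accepts "V5.35", "ZLD V4.73" or "V5.35(ABCD.0)" (assumed version format;
# the parenthesised build suffix is ignored for range comparison).
_VERSION_RE = re.compile(r"^(?:ZLD\s*)?V?(\d+)\.(\d+)", re.IGNORECASE)


def parse_zld_version(text: str) -> Optional[tuple[int, int]]:
    """Return (major, minor) as integers, or None if the string is not a
    recognisable ZLD version. Integers are needed because lexical
    comparison would put 'V4.100' before 'V4.60'."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    return int(m.group(1)), int(m.group(2))


class Finding(NamedTuple):
    host: str
    model: str
    version: str
    status: str  # affected | not_in_listed_range | unknown_model | unparseable_version


def assess(host: str, model: str, version: str) -> Finding:
    """Classify one inventory row against AFFECTED_RANGES."""
    rng = AFFECTED_RANGES.get(model)
    if rng is None:
        return Finding(host, model, version, "unknown_model")
    parsed = parse_zld_version(version)
    if parsed is None:
        return Finding(host, model, version, "unparseable_version")
    low, high = rng
    status = "affected" if low <= parsed <= high else "not_in_listed_range"
    return Finding(host, model, version, status)


def affected_hosts(inventory) -> list[str]:
    """Hostnames whose firmware falls inside a listed affected range."""
    return [f.host for f in (assess(*row) for row in inventory) if f.status == "affected"]


# Constructed sample inventory: (hostname, model line, reported firmware).
SAMPLE_INVENTORY = [
    ("fw-branch-01", "USG FLEX", "V5.35(ABCD.0)"),
    ("fw-branch-02", "USG FLEX", "V5.36(ABCD.0)"),
    ("fw-hq-atp", "ATP", "ZLD V4.60"),
    ("fw-legacy", "ZyWALL/USG", "V4.73"),
    ("fw-vpn", "VPN", "V4.59"),
    ("fw-other", "NXC", "V6.10"),
    ("fw-bad-record", "ATP", "n/a"),
]

if __name__ == "__main__":
    for row in SAMPLE_INVENTORY:
        f = assess(*row)
        print(f"{f.host:14} {f.model:11} {f.version:15} {f.status}")
    print("affected:", affected_hosts(SAMPLE_INVENTORY))
```

Rows with an unknown model line or an unparseable version are reported separately rather than silently skipped, since those are exactly the records that tend to hide unpatched devices in a real inventory.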
