Endpoint/Device Security, Vulnerability Management

Fortinet warns of high-volume flaw exploitation in Zyxel router

Fortinet has issued an alert warning that the Gafgyt botnet malware is actively being used to exploit a five-year-old vulnerability in the Zyxel P660HN-T1A router, according to BleepingComputer. Zyxel patched the vulnerability, a critical-severity unauthenticated command injection flaw in the device's Remote System Log forwarding function tracked as CVE-2017-18368, back in 2017. The company also warned users about the Gafgyt variant when it emerged in 2019 and urged them to upgrade their device's firmware to the latest version to prevent a takeover. However, attack volume has remained steadily high, with Fortinet recording an average of 7,100 attacks daily since the start of July 2023. The Cybersecurity and Infrastructure Security Agency recently issued an alert on the active exploitation of CVE-2017-18368 and added it to its Known Exploited Vulnerabilities catalog. It has also instructed federal agencies to install the Zyxel vulnerability patch by Aug. 28. Meanwhile, Zyxel has warned that the P660HN-T1A model reached end-of-life several years ago and that support for it ended long ago, and it urged users to obtain a newer-generation product.
