16 matches found
Zyxel Devices Hit by Active Exploits Targeting CVE-2023-28771 Vulnerability
Zyxel users beware: A critical remote code execution flaw CVE-2023-28771 in Zyxel devices is under active exploitation by a Mirai-like botnet. GreyNoise observed a surge on June 16, targeting devices globally...
Zyxel IKE Packet Decoder - Unauthenticated Remote Code Execution (Metasploit)
Exploit Title: Zyxel IKE Packet Decoder Unauthenticated Remote Code Execution Date: 2023-03-31 Exploit Author: sf Vendor Homepage: https://www.zyxel.com/ Software Link: https://www.zyxel.com/ Version: ATP Firmware version 4.60 to 5.35 inclusive, USG FLEX Firmware version 4.60 to 5.35 inclusive, V...
Russian Hackers Linked to 'Largest Ever Cyber Attack' on Danish Critical Infrastructure
Russian threat actors have been possibly linked to what's been described as the "largest cyber attack against Danish critical infrastructure," in which 22 companies associated with the operation of the country's energy sector were targeted in May 2023. "22 simultaneous, successful cyberattacks...
The Bug Report - May 2023 Edition
The Bug Report – May 2023 Edition By Mark Bereza · June 7, 2023 Why am I here? In the film The Number 23, Jim Carrey masterfully portrays Walter Sparrow, a man who finds himself obsessed with the number 23 after coming upon a book detailing the 23 enigma, and begins to see it everywhere he looks,...
Active Mirai Botnet Variant Exploiting Zyxel Devices for DDoS Attacks
The U.S. Cybersecurity and Infrastructure Security Agency CISA has added a recently patched critical security flaw in Zyxel gear to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. Tracked as CVE-2023-28771 CVSS score: 9.8, the issue relates to a command...
Widespread Exploitation of Zyxel Network Devices
Rapid7 is tracking reports of ongoing exploitation of CVE-2023-28771, a critical unauthenticated command injection vulnerability affecting multiple Zyxel networking devices. The vulnerability is present in the default configuration of vulnerable devices and is exploitable in the Wide Area Network...
Exploit for OS Command Injection in Zyxel Atp100_Firmware
CVE-2023-28771-PoC PoC for CVE-2023-28771 based on Rapid7's ex...
Exploit for OS Command Injection in Zyxel Atp100_Firmware
CVE-2023-28771-PoC PoC for CVE-2023-28771 based on Rapid7's ex...
Exploit for OS Command Injection in Zyxel Atp100_Firmware
CVE-2023-28771-PoC PoC for CVE-2023-28771 based on Rapid7's ex...
Zyxel Command Injection (CVE-2023-28771) (Direct Check)
Binary data zyxelCVE-2023-28771direct.nbin...
Zyxel Firewall Devices Vulnerable to Remote Code Execution Attacks — Patch Now
Networking equipment maker Zyxel has released patches for a critical security flaw in its firewall devices that could be exploited to achieve remote code execution on affected systems. The issue, tracked as CVE-2023-28771, is rated 9.8 on the CVSS scoring system. Researchers from TRAPA Security...
CVE-2023-28771
creationtimestamp| type| source ---|---|--- 2023-04-25 07:24:17+00:00| seen| https://t.me/cibsecurity/62787 2023-04-28 13:46:57+00:00| seen| https://t.me/thehackernews/3294 2023-04-28 15:59:01+00:00| seen| https://t.me/KomunitiSiber/124 2023-04-28 16:05:51+00:00| published-proof-of-concept|...
CVE-2023-28771
Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an unauthenticated attacker to...
CVE-2023-28771
Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an unauthenticated attacker to...
CVE-2023-28771
CVE-2023-28771 is an OS command injection in Zyxel devices (ZyWALL/USG, VPN, USG FLEX, ATP) due to improper error message handling. A unauthenticated attacker can remotely execute commands by sending crafted UDP/IKE-related packets to affected firmware: Zyxel ATP, USG FLEX, VPN, and ZyWALL/USG li...
CVE-2023-28771
Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an unauthenticated attacker to...