
The Vulnerability of IoT Devices: Mirai Botnet Hits Zyxel Firewalls

# Cybercrime: Zyxel Firewalls Hacked by Mirai Botnet

Zyxel, a Taiwan-based manufacturer of networking devices, recently faced a cybersecurity issue when a Mirai botnet variant began exploiting the vulnerability CVE-2023-28771. The vulnerability was patched a few days after being discovered by Trapa Security. It is an OS command injection vulnerability caused by improper error message handling in some firewalls: an unauthenticated attacker could remotely execute OS commands by sending malicious packets to the targeted device.

## Exploitation and Consequences

By mid-May, researchers reported reproducing the exploit, and Rapid7 warned that it could be exploited in the wild. The researchers noted that they had seen 42,000 instances of internet-exposed Zyxel device web interfaces, but the actual number of exploitable devices was likely much higher.

Security researcher Kevin Beaumont tweeted on Thursday that the vulnerability CVE-2023-28771 has been “mass exploited” by a Mirai botnet variant, with many SMB appliances affected. Mirai botnets typically abuse compromised devices to launch Distributed Denial-of-Service (DDoS) attacks, which can be huge.

It is not uncommon for cybercriminals to target Zyxel’s devices using recently patched vulnerabilities. The firm released fixes for two other flaws affecting its firewalls – CVE-2023-33009 and CVE-2023-33010 – that could allow unauthenticated attackers to cause a Denial-of-Service condition or execute arbitrary code on affected devices.

## Zyxel’s Reaction

Zyxel promptly informed its customers about the security flaw and made patches available for impacted ATP, VPN, USG Flex, and ZyWALL/USG firewalls. The firm is urging its customers to apply patches as soon as possible to avoid being compromised.

## Editorial and Advice

This latest incident illustrates the importance of keeping networking devices up to date to prevent exploitation by hackers. Cybersecurity professionals should frequently check for security patches and apply them immediately to prevent hackers from taking over their systems.

IoT devices, including firewalls, are most vulnerable. Hackers are quick to exploit such devices, given the ever-increasing number of connected devices worldwide. It is essential to secure them adequately, and firms need to prioritize investing in robust IoT cybersecurity solutions to defend against cyberattacks.

The Internet of Things is the future; its potential is enormous, and we cannot allow cyber threats to hinder its growth. We must find ways to secure IoT infrastructure, including firmware updates, sandboxing, and automotive software.

As the world increasingly depends on Internet-enabled devices, the need for robust security measures to secure them has never been more crucial. This latest incident with Zyxel firewalls shows that there are still cybersecurity issues that need to be addressed. It is only by taking proactive steps that we can ensure the security of our IoT infrastructure.

**About the author:**

is an editor at the New York Times who writes extensively on current affairs, with a particular focus on cybersecurity issues. He has a degree in journalism and a keen interest in technology and its impact on society. Edward is an expert in online security and privacy and is well-versed in the latest threats affecting IoT devices.
