Zyxel Multiple Firewall Vulnerabilities

Latest Development

Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.

April 25, 2023: Initial release of advisory from vendor on CVE-2023-28771, CVE-2023-33009, CVE-2023-33010
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls

May 31, 2023: CISA added CVE-2023-28771 to its Known Exploited Vulnerability catalog (KEV).

June 5, 2023: CISA added CVE-2023-33009 and CVE-2023-33010 to its Known Exploited Vulnerability catalog (KEV).

June 5, 2023: Mirai based botnet remain active, lately affecting multiple IoT devices. Go to Addtional resources to review the Outbreaks and vulnerabilties related/affected by Mirai based Botnet.

June 5, 2023: FortiGuard added Threat Signal on Zyxel Multiple Firewall Vulnerabilities
https://www.fortiguard.com/threat-signal-report/5179/

July 19, 2023: FortiGuard Labs released a detailed analyis blog article on DDoS botnets targeting Zyxel Vulnerability.
https://www.fortinet.com/blog/threat-research/ddos-botnets-target-zyxel-vulnerability-cve-2023-28771

FortiGuard Labs has released an IPS signature to detect any attack attempts to exploit CVE-2023-28771 and further investigating protections for CVE-2023-33009 and CVE-2023-33010. Antivirus signatures to detect and block known malware related to exploitation of vulnerable Zyxel devices.

It is strongly recommended to update ATP, USG Flex, VPN, and ZyWALL/USG firewalls to prevent exploitation of recent vulnerabilities as per vendor advisory to fully mitigate the risk and look for DoS "Denial of Service" like symptoms that could arise if compromised.
https://www.zyxel.com/global/en/support/security-advisories/zyxels-guidance-for-the-recent-attacks-on-the-zywall-devices