Inadequate maintenance creates dangerous vulnerabilities in firewalls from the Taiwanese company Zyxel.

Systems with a firewall made by Taiwanese company Zyxel are currently extremely vulnerable to attacks due to dangerous vulnerabilities discovered by various cybersecurity specialists.

The problem

The detected vulnerability has a dangerously high CVE score of 9.8 out of 10. If a hacker gains access, Zyxel firewalls become part of a botnet.

The threat is now so old that you can assume that your system has been compromised anyway. That’s what researchers at Shadowserver say: an organization that monitors online threats live. There they saw mainly downstream attacks, in which hackers try to attack other online devices via the vulnerability.

The bug in question was named CVE-2023-28771. Zyxel released a patch for the problem at the end of April, but a launched patch is not the same as an installed patch and that’s where it hurts. The vulnerability is currently being exploited to execute malicious code. Research has shown that no fewer than 43,000 Zyxel systems have been compromised to date.

there is more

The primary focus is on CVE-2023-28771, but according to cybersecurity firm Rapid7, Zyxel’s systems contain two other vulnerabilities that the company patched last week, both also with a score of 9.8.

In turn, the fact that so many infections are still occurring more than a month after Zyxel’s response means that the problem also lies with the owners and administrators of the compromised systems: security updates are simply not implemented on time. There’s a chance that this laxity will affect these two other vulnerabilities as well, and that many more Zyxel systems will fall for them in the near future.

Unfortunately, it’s not the first time that Zyxel has been in the spotlight in this way. Last year there were reports of leaks in both April and May and it had happened more than a year before.