Latest Zyxel vulnerability #
Last month, Zyxel disclosed a remote command execution vulnerability affecting a handful of their product families. This vulnerability has been assigned CVE-2023-28771, and with a CVSSv3 score of 9.8, this vulnerability is considered highly critical. Attackers who send a specially crafted packet to UDP port 500 on an affected Zyxel device could execute arbitrary commands or create a denial-of-service condition.
Along with this disclosure, Zyxel announced updated software to address this issue; information about the update is available here.
There are reports that this vulnerability is being actively exploited in the wild. In the device's default configuration, the vulnerable port is often exposed to the public Internet.
Finding affected devices using runZero #
You can locate Zyxel devices with the exposed by visiting the Asset Inventory and using the following pre-built query:
hw:"Zyxel" and udp_port:500
The devices found by this query should be checked to make sure they are running a patched version of their firmware.
As always, any prebuilt queries we create are available from our Queries Library. Check out the library for other useful inventory queries.