"Vulnerability in Zyxel Firewalls May Soon Be Widely Exploited"

Rapid7 researchers have warned that a recently patched command injection vulnerability, tracked as CVE-2023-28771, affecting various Zyxel firewalls may soon be exploited in the wild. The warning follows their publication of a technical analysis and a proof-of-concept (PoC) script that triggers the vulnerability and obtains a reverse root shell. The vulnerability impacts Zyxel ATP, USG FLEX, and VPN firewalls running ZLD firmware versions v4.60 to v5.35, and Zyxel ZyWALL/USG gateways/firewalls running ZLD v4.60 to v4.73. These firewall devices monitor and control network traffic, offer Virtual Private Network (VPN) and Secure Sockets Layer (SSL) inspection capabilities, and provide additional protection against malware and other threats. The vulnerability stems from improper error message handling. It can be triggered by sending a specially crafted User Datagram Protocol (UDP) packet to port 500 on the WAN interface of a vulnerable device, allowing an attacker to execute OS commands as the root user. This article continues to discuss the potential exploitation and impact of the command injection vulnerability.
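As an added example that is not part of the article or of Rapid7's analysis, the script below triages a firewall inventory against the affected ZLD version ranges quoted above, so a defender can list which devices still need the patch. The inventory, hostnames and the firmware string format ("ZLD V5.35", "V4.73 Patch 1") are assumptions; only the major.minor version is compared.

```python
import re
from typing import Dict, List, Tuple

Version = Tuple[int, int]

# Affected ZLD ranges (inclusive, major.minor) as stated in the advisory summary.
AFFECTED_RANGES: Dict[str, Tuple[Version, Version]] = {
    "ATP":      ((4, 60), (5, 35)),
    "USG FLEX": ((4, 60), (5, 35)),
    "VPN":      ((4, 60), (5, 35)),
    "ZYWALL":   ((4, 60), (4, 73)),
    "USG":      ((4, 60), (4, 73)),
}

# Assumed firmware string shapes: "ZLD V5.35", "V4.73 Patch 1", "4.60".
_VERSION_RE = re.compile(r"(?:ZLD\s*)?[vV]?(\d+)\.(\d+)")


def parse_zld_version(text: str) -> Version:
    """Extract (major, minor) from a firmware string; raise if none is present."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no ZLD version found in {text!r}")
    return int(m.group(1)), int(m.group(2))


def is_affected(family: str, version_text: str) -> bool:
    """True when the product family and firmware fall inside an affected range."""
    key = family.strip().upper()
    if key not in AFFECTED_RANGES:
        return False  # family not named in the advisory: out of scope here
    low, high = AFFECTED_RANGES[key]
    return low <= parse_zld_version(version_text) <= high  # tuple comparison


def triage(inventory: List[Dict[str, str]]) -> List[str]:
    """Return the hostnames whose family/firmware match an affected range."""
    return [d["host"] for d in inventory if is_affected(d["family"], d["firmware"])]


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    {"host": "fw-edge-01",   "family": "USG FLEX", "firmware": "ZLD V5.35"},
    {"host": "fw-edge-02",   "family": "USG FLEX", "firmware": "ZLD V5.36 Patch 1"},
    {"host": "fw-branch-07", "family": "ZyWALL",   "firmware": "V4.73"},
    {"host": "fw-branch-08", "family": "ATP",      "firmware": "V4.59"},
    {"host": "sw-core-01",   "family": "XGS",      "firmware": "V4.70"},
]

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: within affected ZLD range, patch or restrict WAN UDP/500")
```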

Help Net Security reports "Vulnerability in Zyxel Firewalls May Soon Be Widely Exploited"
