Last month, Zyxel disclosed a remote command execution vulnerability affecting a handful of their product families. This vulnerability has been assigned CVE-2023-28771, and with a CVSSv3 score of 9.8, this vulnerability is considered highly critical. Attackers who send a specially crafted packet to UDP port 500 on an affected Zyxel device could execute arbitrary commands or create a denial-of-service condition.
Along with this disclosure, Zyxel announced updated software to address this issue; information about the update is available here.
There are reports that this vulnerability is being actively exploited in the wild. In the device’s default configuration, the vulnerable port is often exposed to the public Internet.
Finding affected devices using runZero
You can locate Zyxel devices with the exposed by visiting the Asset Inventory and using the following pre-built query:
hw:"Zyxel" and udp_port:500
The devices found by this query should be checked to make sure they are running a patched version of their firmware.
As always, any prebuilt queries we create are available from our Queries Library. Check out the library for other useful inventory queries.
About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network–without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.