Zyxel Vulnerability CVE-2023-28771: A Threat to Your Network
CVE-2023-28771: Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35 could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an affected device.

While reviewing the log of a "DDoS Botnets Target Zyxel Vulnerability CVE-2023-28771" attempt, I analyzed the payload and identified and worked to understand its phases, which I describe below.

Log:

<XXX>date=XXXX-XX-XX time=XX:XX:XX devname="xxx-xx-xx" devid="XX-xxx-xxx" logid="*****" type="traffic" subtype="local" level="notice" vd="root" eventtime=***** srcip=109.207.200.47 srcport=500 srcintf="wan2" srcintfrole="wan" dstip=X.X.X.X dstport=500 dstintf=unknown-0 dstintfrole="undefined...
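The following is an added example, not part of the original post: it parses firewall log lines in the key=value format shown above and counts, per source IP, local-in traffic from a WAN-role interface to port 500 that does not come from an expected VPN peer. The matching rule, the KNOWN_PEERS allowlist and the sample lines are assumptions constructed for illustration; only the field names come from the log above.

```python
import re
from collections import Counter

# key=value pairs; a value is either "quoted" or a bare token.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')

# Hypothetical allowlist: VPN peers expected to send IKE to this device.
KNOWN_PEERS = {"198.51.100.20"}

def parse_line(line):
    """Return the key=value fields of one log line as a dict."""
    fields = {}
    for key, quoted, bare in PAIR.findall(line):
        # A value cut off mid-quote (truncated line) falls into `bare`.
        fields[key] = (quoted or bare.lstrip('"')).strip()
    return fields

def is_unexpected_ike(f):
    """Local-in traffic from a WAN-role interface to port 500, unknown peer."""
    return (f.get("type") == "traffic" and f.get("subtype") == "local"
            and f.get("srcintfrole") == "wan" and f.get("dstport") == "500"
            and bool(f.get("srcip")) and f["srcip"] not in KNOWN_PEERS)

def summarize(lines):
    """Count matching events per source IP."""
    return Counter(f["srcip"] for f in map(parse_line, lines)
                   if is_unexpected_ike(f))

# Constructed sample lines (documentation address ranges, not real traffic).
BASE = 'type="traffic" subtype="local" srcintf="wan2" srcintfrole="wan" dstip=192.0.2.1 '
SAMPLE = [
    BASE + 'srcip=203.0.113.7 srcport=500 dstport=500',
    BASE + 'srcip=203.0.113.7 srcport=500 dstport=500',
    BASE + 'srcip=198.51.100.20 srcport=500 dstport=500',   # known VPN peer
    BASE + 'srcip=198.51.100.9 srcport=44321 dstport=443',  # not port 500
    'type="traffic" subtype="forward" srcintfrole="lan" srcip=192.0.2.50 dstport=500',
    BASE + 'srcip=203.0.113.99 srcport=500 dstport=500 dstintfrole="undefined...',
]

if __name__ == "__main__":
    for ip, count in summarize(SAMPLE).most_common():
        print(f"{ip}\t{count}")
```

Sources that show up here on a device that terminates no VPN, or that are absent from the peer allowlist, are the ones to review first.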