Attackers target Zyxel RCE vulnerability CVE-2023-28771
GreyNoise researchers have observed exploit attempts targeting the remote code execution vulnerability CVE-2023-28771 in Zyxel devices. On June 16, GreyNoise researchers detected exploit attempts targeting CVE-2023-28771 (CVSS score 9.8), a remote code execution flaw impacting Zyxel IKE decoders over UDP port 500. “Exploitation attempts against CVE-2023-28771 were minimal throughout recent weeks. On June 16, GreyNoise observed […]
GreyNoise researchers have observed exploit attempts targeting the remote code execution vulnerability CVE-2023-28771 in Zyxel devices.
On June 16, GreyNoise researchers detected exploit attempts targeting CVE-2023-28771 (CVSS score 9.8), a remote code execution flaw impacting Zyxel IKE decoders over UDP port 500.
“Exploitation attempts against CVE-2023-28771 were minimal throughout recent weeks. On June 16, GreyNoise observed a concentrated burst of exploit attempts within a short time window, with 244 unique IPs observed attempting exploitation.” reads the alert published by GreyNoise.
The main targets of the CVE-2023-28771 exploit were the U.S., U.K., Spain, Germany, and India. Interestingly, the attacking IPs showed no other suspicious activity in the two weeks before June 16, the attempts focused solely on this specific vulnerability.
GreyNoise has observed exploit attempts targeting CVE-2023-28771 — an RCE vuln affecting Zyxel devices. Full analysis + malicious IPs 
Read More
