PT-2023-2841 · Zyxel · ATP +3
Published: 2023-04-24 · Updated: 2025-09-16
CVE-2023-28771
Score: 10 (Critical)
Base vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerable software and affected versions:
- Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73
- Zyxel VPN series firmware versions 4.60 through 5.35
- Zyxel USG FLEX series firmware versions 4.60 through 5.35
- Zyxel ATP series firmware versions 4.60 through 5.35
Description:
The vulnerability stems from improper error message handling in the affected Zyxel firewalls. An unauthenticated, remote attacker can trigger it by sending crafted packets to a vulnerable device and thereby execute OS commands on it. The flaw has been exploited in the wild by several distributed denial-of-service (DDoS) botnets, including Mirai variants, and was used in real incidents, among them the 2023 attacks on Denmark's energy sector. No estimate of the number of exposed devices worldwide is given, but Zyxel firewalls are widely deployed in organizations, so the population at risk is large.
Recommendations:
- Zyxel ZyWALL/USG series: firmware versions 4.60 through 4.73 are affected; update to a firmware version outside this range.
- Zyxel VPN series: firmware versions 4.60 through 5.35 are affected; update to a firmware version outside this range.
- Zyxel USG FLEX series: firmware versions 4.60 through 5.35 are affected; update to a firmware version outside this range.
- Zyxel ATP series: firmware versions 4.60 through 5.35 are affected; update to a firmware version outside this range.
- Until the update is applied, restrict network access to the vulnerable devices so that untrusted networks cannot reach them, and apply additional security measures to reduce the risk of exploitation. See the vendor advisory in the references for the fixed releases.
Tags: Exploit, Fix, RCE, OS Command Injection
References (71):
- https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/misc/zyxel_ike_decoder_rce_cve_2023_28771.rb · Exploit
- https://github.com/fed-speak/CVE-2023-28771-PoC · Exploit
- https://github.com/benjaminhays/CVE-2023-28771-PoC · Exploit
- https://github.com/BenHays142/CVE-2023-28771-PoC · Exploit
- http://packetstormsecurity.com/files/172820/Zyxel-IKE-Packet-Decoder-Unauthenticated-Remote-Code-Execution.html · Exploit
- https://github.com/WhiteOwl-Pub/PoC-CVE-2023-28771 · Exploit (deleted)
- https://github.com/WhiteOwl-Pub/Zyxel-PoC-CVE-2023-28771 · Exploit (deleted)
- https://bdu.fstec.ru/vul/2023-02782 · Security Note
- https://nvd.nist.gov/vuln/detail/CVE-2023-28771 · Security Note
- https://zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-remote-command-injection-vulnerability-of-firewalls · Security Note, Vendor Advisory
- https://twitter.com/moton/status/1934978301908668565 · Twitter Post
- https://twitter.com/NotTruppi/status/1937118521080590337 · Twitter Post
- https://twitter.com/attritionorg/status/1894859381407461517 · Twitter Post
- https://twitter.com/clovernetics/status/1707727107671851196 · Twitter Post
- https://twitter.com/omvapt/status/1935078032374444461 · Twitter Post