Zyxel RCE Vulnerability: When Hackers Attack and Devices Go Wack!
Attackers are targeting CVE-2023-28771, a remote code execution vulnerability in Zyxel devices, with a wave of exploit attempts. GreyNoise researchers reported 244 unique IPs involved, mainly from Verizon Business. Although the addresses may be spoofed, all were flagged as malicious. The focus? Zyxel devices in the U.S., U.K., Spain, Germany, and India.

Hot Take:
If you thought the only thing that could ruin your day was a bird pooping on your freshly washed car, think again! Zyxel devices are feeling the heat as hackers target them like they’re on a mission to find the last clean shirt in a teenager’s wardrobe. CVE-2023-28771 is the latest villain in the cybersecurity saga, and it seems like the Mirai botnet is auditioning for the role of lead antagonist. Spoiler alert: there are 244 IPs on the guest list, and they’re not here for the hors d’oeuvres.

Key Points:
- Zyxel devices are under attack due to a high-severity remote code execution vulnerability (CVE-2023-28771).
- GreyNoise detected a surge of exploit attempts on June 16, 2025, linked to the Mirai botnet.
- The attacks predominantly target the U.S., U.K., Spain, Germany, and India.
- 244 IP addresses have been identified, mainly from Verizon Business, though they might be spoofed.
- GreyNoise and Zyxel have provided mitigation steps, including IP blocking and patching devices.