• Language chooser
    • USA (English)
    • France (Français)

virus logo Outbreak Alert

Zyxel Router Command Injection Attack

Released: Aug 09, 2023

Download PDF »

Zyxel Router Command Injection

Medium Severity

Routers Platform

Vulnerability, Attack Type

Actively targeted end-of-life router in the wild

A command injection vulnerability that allows remote attackers to easily exploit CWP (Control Web Panel) with a crafted HTTP request which can result in Remote Code Execution. According to Shodan, there are thousands of servers that could still be vulnerable to CVE-2022-44877. This vulnerability can be leveraged to perform ransomware attacks or exfiltration of data. Learn More »

Common Vulnerabilities and Exposures

CVE-2017-18368

Background

Control Web Panel, formerly known as CentOS Web Panel, is a popular server administration tool for enterprise-based Linux systems. In the previous year, vulnerabilities (CVE-2021-45466 & CVE-2021-454667) related to CWP were released which may be used to exploit a preauth remote command execution.

Threat Radar Overall Score:
CVSS Rating 9.0
FortiRecon Score 90/100
Known Exploited Yes
Exploit Prediction Score 97.52%
FortiGuard Telemetry 8283

Latest Development

Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.


Aug 25, 2022: CWP released security patches for CVE-2022-44877 at https://control-webpanel.com/changelog#1674073133745-84af1b53-c121


Jan 17, 2023: CISA added CVE-2022-44877 to known exploited vulnerability (KEV) list at https://www.cisa.gov/known-exploited-vulnerabilities-catalog.
FortiGuard Labs released an IPS signature and has observed attack attempts targeting the CWP vulnerability. FortiGuard Labs also recommends its customers to update their CWP to the latest version as soon as possible.

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.


PROTECT

  • AV

  • Vulnerability

  • AV (Pre-filter)

  • IPS

  • Application Firewall

DETECT

  • Outbreak Detection

  • IOC

  • Threat Hunting

RESPOND

  • Assisted Response Services

  • Automated Response

RECOVER

  • InfoSec Services

IDENTIFY

  • Attack Surface Monitoring (Inside & Outside)

Threat Intelligence

Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.


Loading ...

Indicators of compromise Indicators of compromise
IOC Indicator List
Indicator Type Status
http://103.110.33.164/mips url Active