Zyxel Router Command Injection Attack

Released: Aug 09, 2023

Medium Severity

Routers Platform

Vulnerability, Attack Type

Actively targeted end-of-life router in the wild

A command injection vulnerability allows remote attackers to easily exploit CWP (Control Web Panel) with a crafted HTTP request, which can result in remote code execution. According to Shodan, there are thousands of servers that could still be vulnerable to CVE-2022-44877. This vulnerability can be leveraged to perform ransomware attacks or exfiltration of data.

Common Vulnerabilities and Exposures



Control Web Panel, formerly known as CentOS Web Panel, is a popular server administration tool for enterprise-based Linux systems. In the previous year, vulnerabilities (CVE-2021-45466 & CVE-2021-454667) related to CWP were released that may be used to achieve preauth remote command execution.

Latest Development

Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.

Aug 25, 2022: CWP released security patches for CVE-2022-44877 at https://control-webpanel.com/changelog#1674073133745-84af1b53-c121

Jan 17, 2023: CISA added CVE-2022-44877 to known exploited vulnerability (KEV) list at https://www.cisa.gov/known-exploited-vulnerabilities-catalog.
FortiGuard Labs released an IPS signature and has observed attack attempts targeting the CWP vulnerability. FortiGuard Labs also recommends that its customers update CWP to the latest version as soon as possible.

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.

  • AV

  • Vulnerability

  • AV (Pre-filter)

  • IPS

  • Application Firewall

  • Outbreak Detection

  • IOC

  • Threat Hunting

  • Assisted Response Services

  • Automated Response

  • InfoSec Services

  • Attack Surface Monitoring (Inside & Outside)

Threat Intelligence

Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.
