A critical flaw in Zyxel devices is being exploited by multiple DDoS botnets to gain remote control of vulnerable systems and launch devastating attacks. The flaw, tracked as CVE-2023-28771, is a command injection bug that could allow an unauthorized actor to execute arbitrary code by sending a specifically crafted packet to the targeted appliance.

How the Attack Works

The attack begins with the attacker sending a malicious packet to a vulnerable Zyxel device. The packet contains a specially crafted command that, when executed, gives the attacker control of the device. The attacker can then use the device to launch a DDoS attack against another target.

The Impact of the Attack

The impact of the attack can be devastating. A DDoS attack can bring down a website or service, making it unavailable to users. In some cases, DDoS attacks have even caused financial losses.

How to Protect Yourself

There are a number of steps that you can take to protect yourself from this attack. First, make sure that you have all of your Zyxel devices up to date with the latest security patches. Second, use a firewall to block malicious traffic from reaching your devices. Finally, be aware of the signs of a DDoS attack and take action if you see them.


It is important to keep your Zyxel devices updated with the latest security patches as a result of the attack on them. By doing so, you can help to protect yourself from this attack and other similar attacks.