CVE-2023-28771
Zyxel Multiple Firewalls OS Command Injection Vulnerability
CVSS
—
No CVSS
EPSS
99.3%
p100
KEV
YES
May 31, 2023
Exploit Today
80
0-100
Published: — · Last modified: —
Product
Zyxel / Multiple Firewalls
Vulnerability
Zyxel Multiple Firewalls OS Command Injection Vulnerability
Added to KEV
May 31, 2023
Remediate by
Jun 21, 2023
Known ransomware use
No
Summary description
Zyxel ATP, USG FLEX, VPN, and ZyWALL/USG firewalls allow for improper error message handling which could allow an unauthenticated attacker to execute OS commands remotely by sending crafted packets to an affected device.
Required action
Apply updates per vendor instructions.
Notes
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-remote-command-injection-vulnerability-of-firewalls; https://nvd.nist.gov/vuln/detail/CVE-2023-28771