CVE-2023-28771 - Zyxel Multiple Firewalls OS Command Injection Vulnerability
CVE-2023-28771
Zyxel | Multiple Firewalls
- Date Added:
- 2023-05-31
- Due Date:
- 2023-06-21
- Vulnerability Name
Zyxel Multiple Firewalls OS Command Injection Vulnerability
- Description
Zyxel ATP, USG FLEX, VPN, and ZyWALL/USG firewalls allow for improper error message handling which could allow an unauthenticated attacker to execute OS commands remotely by sending crafted packets to an affected device.
- Known To Be Used in Ransomware Campaigns?
Unknown
- Action
Apply updates per vendor instructions.
- Additional Notes
- https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-remote-command-injection-vulnerability-of-firewalls; https://nvd.nist.gov/vuln/detail/CVE-2023-28771
Free security scan for your website