CVE-2023-28771β€”Zyxel Multiple Firewalls OS Command Injection Vulnerability

PUBLISHEDvulnerability record
2023-05-31 Β· last modified June 21, 2025

Metadata

CVE ID:
CVE-2023-28771
Project:
Zyxel
Product:
Multiple Firewalls
Date Added:
2023-05-31
Due Date:
2023-06-21
Last Updated:
June 21, 2025

Vulnerability Name

Zyxel Multiple Firewalls OS Command Injection Vulnerability

Description

Zyxel ATP, USG FLEX, VPN, and ZyWALL/USG firewalls allow for improper error message handling which could allow an unauthenticated attacker to execute OS commands remotely by sending crafted packets to an affected device.

Known To Be Used in Ransomware Campaigns?

Ransomware Status:
Unknown

Action

Apply updates per vendor instructions.

Additional Notes

Related News Articles

Related Weaknesses