CVE-2023-28771βZyxel Multiple Firewalls OS Command Injection Vulnerability
PUBLISHEDvulnerability record
2023-05-31 Β· last modified June 21, 2025
Metadata
Vulnerability Name
Zyxel Multiple Firewalls OS Command Injection Vulnerability
Description
Zyxel ATP, USG FLEX, VPN, and ZyWALL/USG firewalls allow for improper error message handling which could allow an unauthenticated attacker to execute OS commands remotely by sending crafted packets to an affected device.
Known To Be Used in Ransomware Campaigns?
Action
Apply updates per vendor instructions.