logo

CVE-2023-28771 - Zyxel Multiple Firewalls OS Command Injection Vulnerability

CVE-2023-28771

Zyxel | Multiple Firewalls

  • Date Added:
  • 2023-05-31
  • Due Date:
  • 2023-06-21
Vulnerability Name

Zyxel Multiple Firewalls OS Command Injection Vulnerability

Description

Zyxel ATP, USG FLEX, VPN, and ZyWALL/USG firewalls allow for improper error message handling which could allow an unauthenticated attacker to execute OS commands remotely by sending crafted packets to an affected device.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply updates per vendor instructions.

Additional Notes
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-remote-command-injection-vulnerability-of-firewalls; https://nvd.nist.gov/vuln/detail/CVE-2023-28771

Free security scan for your website