CVE-2023-28771 - Zyxel Multiple Firewalls OS Command Injection Vulnerability

CVE ID:CVE-2023-28771

Project:Zyxel

Product:Multiple Firewalls

Date Added:2023-05-31Due Date:2023-06-21

Vulnerability Name

Zyxel Multiple Firewalls OS Command Injection Vulnerability

Description

Zyxel ATP, USG FLEX, VPN, and ZyWALL/USG firewalls allow for improper error message handling which could allow an unauthenticated attacker to execute OS commands remotely by sending crafted packets to an affected device.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply updates per vendor instructions.

Additional Notes

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-remote-command-injection-vulnerability-of-firewalls

https://nvd.nist.gov/vuln/detail/CVE-2023-28771

Top Security News

Top CVE List

Top Alert List

CSP
Content Security Policy (CSP) Header Not Set
MediumAbsence of Anti-CSRF Tokens
MediumMissing Anti-clickjacking Header
InformationalInformation Disclosure - Suspicious Comments
LowCross-Domain JavaScript Source File Inclusion
MediumContent Security Policy (CSP) Header Not Set
LowTimestamp Disclosure - Unix
LowCSP: X-Content-Security-Policy
InformationalRe-examine Cache-control Directives