CVE-2023-28771 - Zyxel Multiple Firewalls OS Command Injection Vulnerability
Project:Zyxel
Product:Multiple Firewalls
Date Added:2023-05-31Due Date:2023-06-21
Vulnerability Name
Zyxel Multiple Firewalls OS Command Injection Vulnerability
Description
Zyxel ATP, USG FLEX, VPN, and ZyWALL/USG firewalls allow for improper error message handling which could allow an unauthenticated attacker to execute OS commands remotely by sending crafted packets to an affected device.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply updates per vendor instructions.
Additional Notes
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-remote-command-injection-vulnerability-of-firewalls
https://nvd.nist.gov/vuln/detail/CVE-2023-28771
Related News Articles
Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS BotnetJanuary 22, 2025