logo
Home/CVEs/CVE-2023-28771/

CVE-2023-28771 - Zyxel Multiple Firewalls OS Command Injection Vulnerability

Project:Zyxel

Product:Multiple Firewalls

Date Added:2023-05-31Due Date:2023-06-21

Vulnerability Name

Zyxel Multiple Firewalls OS Command Injection Vulnerability

Description

Zyxel ATP, USG FLEX, VPN, and ZyWALL/USG firewalls allow for improper error message handling which could allow an unauthenticated attacker to execute OS commands remotely by sending crafted packets to an affected device.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply updates per vendor instructions.

Additional Notes

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-remote-command-injection-vulnerability-of-firewalls

https://nvd.nist.gov/vuln/detail/CVE-2023-28771

Related News Articles

Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS BotnetJanuary 22, 2025