← ExploitWatch
HomeExploited Vulnerabilities

CVE-2023-28771 — Actively Exploited: Multiple Firewalls (Zyxel)

Zyxel ATP, USG FLEX, VPN, and ZyWALL/USG firewalls allow for improper error message handling which could allow an unauthenticated attacker to execute OS commands remotely by sending crafted packets to an affected device.

CVE IDCVE-2023-28771
VendorZyxel
ProductMultiple Firewalls
Vulnerability nameZyxel Multiple Firewalls OS Command Injection Vulnerability
Date added2023-05-31
Remediation due2023-06-21
Known ransomware useUnknown
Required actionApply updates per vendor instructions.
DescriptionZyxel ATP, USG FLEX, VPN, and ZyWALL/USG firewalls allow for improper error message handling which could allow an unauthenticated attacker to execute OS commands remotely by sending crafted packets to an affected device.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →