CVE-2023-28771
In short
A flaw in Zyxel firewalls lets an attacker run operating-system commands on the device without logging in, by sending specially crafted IKE (VPN key-exchange) packets to it. This is critical because it gives complete control over the affected firewall, and it has been exploited in the wild: the CVE is listed in CISA's Known Exploited Vulnerabilities catalog.
Technical detail
CWE-78 (OS Command Injection) in the IKE packet decoder of Zyxel ZyWALL/USG (firmware 4.60 through 4.73), VPN, USG FLEX and ATP (firmware 4.60 through 5.35) devices. Attacker-controlled content from a crafted IKE packet reaches an OS command through the decoder's error-message handling, so an unauthenticated attacker who can reach the IKE service (UDP/500) can execute OS commands on the firewall without credentials or user interaction (PR:N/UI:N). The commands run with the privileges of the IKE process on the device, which amounts to full control of the firewall.
Summary generated and translated by AI from the official description.
Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an affected device.
CVSS v3.1 base score 9.8 (Critical): CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
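The version ranges in the official description can be turned into an inventory check. The following is an added example written for this page, not code from the page, from Zyxel or from the PoC authors. It encodes the affected ranges above, takes the first unaffected builds from the Zyxel advisory linked in the references (ZLD V4.73 Patch 1 for ZyWALL/USG, ZLD V5.36 for VPN, USG FLEX and ATP), and assumes a ZLD version-string layout such as V5.35(ABUJ.0) where the trailing digit is the patch level; the CSV inventory is constructed for illustration.

```python
import csv
import io
import re
from typing import NamedTuple

# Affected ranges from the official CVE-2023-28771 description, keyed by
# product series. The lower bound (4.60) is inclusive. "fixed" is the first
# build that is not affected, taken from Zyxel's advisory: ZLD V4.73 Patch 1
# for ZyWALL/USG, ZLD V5.36 for VPN, USG FLEX and ATP.
AFFECTED = {
    "ZyWALL/USG": ((4, 60, 0), (4, 73, 1)),
    "VPN":        ((4, 60, 0), (5, 36, 0)),
    "USG FLEX":   ((4, 60, 0), (5, 36, 0)),
    "ATP":        ((4, 60, 0), (5, 36, 0)),
}

# Assumed layout of a ZLD version string as shown in the device GUI, e.g.
# "V5.35(ABUJ.0)" or "V4.73(AALA.1)": "V" major "." minor, then an optional
# "(" model-code "." patch-level ")". Treating the trailing digit as the
# patch level ("Patch 1" -> 1) is an assumption made for this example.
_ZLD_RE = re.compile(r"^V?(\d+)\.(\d+)(?:\(([A-Za-z0-9]+)\.(\d+)\))?$")


def parse_zld_version(text: str) -> tuple:
    """Return (major, minor, patch) for a ZLD version string."""
    m = _ZLD_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised ZLD version string: {text!r}")
    major, minor, _model_code, patch = m.groups()
    return (int(major), int(minor), int(patch) if patch else 0)


class Verdict(NamedTuple):
    hostname: str
    series: str
    version: str
    vulnerable: bool
    status: str


def assess(series: str, version_text: str, ike_reachable: bool,
           hostname: str = "") -> Verdict:
    """Classify one device against the CVE-2023-28771 ranges.

    The bug is reached through the IKE service (UDP/500), so a vulnerable
    build is only reported as "exposed" when IKE is reachable from an
    untrusted network; it still needs patching either way.
    """
    if series not in AFFECTED:
        raise ValueError(f"series not covered by the advisory: {series!r}")
    low, fixed = AFFECTED[series]
    v = parse_zld_version(version_text)
    vulnerable = low <= v < fixed
    if v < low:
        # Older than anything the advisory lists: not cleared, just unsupported.
        status = "below_range"
    elif not vulnerable:
        status = "patched"
    elif ike_reachable:
        status = "exposed"
    else:
        status = "vulnerable"
    return Verdict(hostname, series, version_text, vulnerable, status)


# Constructed inventory for the example (not real devices). The last column
# records whether UDP/500 is reachable from an untrusted network.
SAMPLE_INVENTORY = """\
hostname,series,version,ike_reachable
fw-branch-1,USG FLEX,V5.35(ABUJ.0),yes
fw-branch-2,USG FLEX,V5.36(ABUJ.0),yes
fw-legacy-1,ZyWALL/USG,V4.73(AALA.0),no
fw-legacy-2,ZyWALL/USG,V4.73(AALA.1),yes
fw-dc,ATP,V5.10(ABFW.2),yes
fw-old,VPN,V4.59(ABFW.0),yes
"""


def assess_inventory(csv_text: str) -> list:
    """Run assess() over a CSV inventory and return one Verdict per row."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return [
        assess(r["series"], r["version"],
               r["ike_reachable"].strip().lower() in ("yes", "true", "1"),
               hostname=r["hostname"])
        for r in rows
    ]


if __name__ == "__main__":
    for v in assess_inventory(SAMPLE_INVENTORY):
        print(f"{v.hostname:12} {v.series:11} {v.version:15} {v.status}")
```

Two points worth keeping in mind when adapting this: a "vulnerable" result with IKE not reachable from untrusted networks still has to be patched, because the exposure only reflects the reachability you recorded, and a "below_range" result is not a clean bill, it only means the build predates the advisory's range and is not supported by it.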
Affected products
Zyxel · ATP series firmware, versions 4.60 through 5.35
Zyxel · USG FLEX series firmware, versions 4.60 through 5.35
Zyxel · VPN series firmware, versions 4.60 through 5.35
Zyxel · ZyWALL/USG series firmware, versions 4.60 through 4.73
Public PoCs found: 3
GitHub: github.com/benjaminhays/CVE-2023-28771-PoC (30 stars)
GitHub: github.com/JinParkmida/cve-2023-28771-demo (0 stars)
CVE reference: packetstormsecurity.com/files/172820/Zyxel-IKE-Packet-Decoder-Unauthenticated-Remote-Code-Execution.html (unverified)
Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
Packet Storm, Zyxel IKE Packet Decoder Unauthenticated Remote Code Execution: http://packetstormsecurity.com/files/172820/Zyxel-IKE-Packet-Decoder-Unauthenticated-Remote-Code-Execution.html
CISA Known Exploited Vulnerabilities catalog entry: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-28771
Zyxel security advisory for the remote command injection vulnerability of firewalls: https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-remote-command-injection-vulnerability-of-firewalls