Zyxel Multiple Firewalls OS Command Injection Vulnerability

Summary

CVE	CVE-2023-28771
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-04-25 02:15:00 UTC
Updated	2023-06-09 18:12:00 UTC
Description	Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an affected device.

Risk And Classification

EPSS: 0.943460000 probability, percentile 0.999570000 (date 2026-04-02)

CISA KEV: Listed on 2023-05-31; due 2023-06-21; ransomware use Unknown

Problem Types: CWE-78

CISA Known Exploited Vulnerability

Vendor	Zyxel
Product	Multiple Firewalls
Name	Zyxel Multiple Firewalls OS Command Injection Vulnerability
Required Action	Apply updates per vendor instructions.
Notes	https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-remote-command-injection-vulnerability-of-firewalls; https://nvd.nist.gov/vuln/detail/CVE-2023-28771

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Zyxel	Atp100	-	All	All	All
Hardware	Zyxel	Atp100w	-	All	All	All
Operating System	Zyxel	Atp100w Firmware	All	All	All	All
Operating System	Zyxel	Atp100 Firmware	All	All	All	All
Hardware	Zyxel	Atp200	-	All	All	All
Operating System	Zyxel	Atp200 Firmware	All	All	All	All
Hardware	Zyxel	Atp500	-	All	All	All
Operating System	Zyxel	Atp500 Firmware	All	All	All	All
Hardware	Zyxel	Atp700	-	All	All	All
Operating System	Zyxel	Atp700 Firmware	All	All	All	All
Hardware	Zyxel	Atp800	-	All	All	All
Operating System	Zyxel	Atp800 Firmware	All	All	All	All
Hardware	Zyxel	Usg Flex 100	-	All	All	All
Hardware	Zyxel	Usg Flex 100w	-	All	All	All
Operating System	Zyxel	Usg Flex 100w Firmware	All	All	All	All
Operating System	Zyxel	Usg Flex 100 Firmware	All	All	All	All
Hardware	Zyxel	Usg Flex 200	-	All	All	All
Operating System	Zyxel	Usg Flex 200 Firmware	All	All	All	All
Hardware	Zyxel	Usg Flex 50	-	All	All	All
Hardware	Zyxel	Usg Flex 500	-	All	All	All
Operating System	Zyxel	Usg Flex 500 Firmware	All	All	All	All
Hardware	Zyxel	Usg Flex 50w	-	All	All	All
Operating System	Zyxel	Usg Flex 50w Firmware	All	All	All	All
Operating System	Zyxel	Usg Flex 50 Firmware	All	All	All	All
Hardware	Zyxel	Usg Flex 700	-	All	All	All
Operating System	Zyxel	Usg Flex 700 Firmware	All	All	All	All
Hardware	Zyxel	Vpn100	-	All	All	All
Hardware	Zyxel	Vpn1000	-	All	All	All
Operating System	Zyxel	Vpn1000 Firmware	All	All	All	All
Operating System	Zyxel	Vpn100 Firmware	All	All	All	All
Hardware	Zyxel	Vpn300	-	All	All	All
Operating System	Zyxel	Vpn300 Firmware	All	All	All	All
Hardware	Zyxel	Vpn50	-	All	All	All
Operating System	Zyxel	Vpn50 Firmware	All	All	All	All
Hardware	Zyxel	Zywall Usg 100	-	All	All	All
Operating System	Zyxel	Zywall Usg 100 Firmware	All	All	All	All
Operating System	Zyxel	Zywall Usg 100 Firmware	4.73	-	All	All
Hardware	Zyxel	Zywall Usg 310	-	All	All	All
Operating System	Zyxel	Zywall Usg 310 Firmware	All	All	All	All
Operating System	Zyxel	Zywall Usg 310 Firmware	4.73	-	All	All

References

Reference	Source	Link	Tags
packetstormsecurity.com/files/172820/Zyxel-IKE-Packet-Decoder-Unauthenticated-Remote-...	MISC	packetstormsecurity.com
Zyxel security advisory for OS command injection vulnerability of firewalls \| Zyxel Networks	CONFIRM	www.zyxel.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis
CISA Known Exploited Vulnerabilities catalog	CISA	www.cisa.gov	kev

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

731144 Zyxel ATP Firewall OS Command Injection Vulnerability (CVE-2023-28771)