Cybersecurity Alerts

Zyxel Multiple Firewalls OS Command Injection Vulnerability

Zyxel ATP, USG FLEX, VPN, and ZyWALL/USG firewalls allow for improper error message handling which could allow an unauthenticated attacker to execute OS commands remotely by sending crafted packets to an affected device.

Required Action

Apply updates per vendor instructions.

Weakness Classification

CWE-78

References

• https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-remote-command-injection-vulnerability-of-firewalls
• https://nvd.nist.gov/vuln/detail/CVE-2023-28771