⚠ Actively exploited
Added to CISA KEV on 2023-05-31. Federal agencies required to patch by 2023-06-21. Required action: Apply updates per vendor instructions..

CVE-2023-28771OS Command Injection in Zyxel Atp100 Firmware

CWE-78OS Command Injection9 documents9 sources
Severity
9.8CRITICALNVD
EPSS
94.3%
top 0.04%
CISA KEV
KEV
Added 2023-05-31
Due 2023-06-21
Exploit
Exploited in wild
Active exploitation observed
Affected products
23
Zyxel Atp100 FirmwareZyxel Atp100w FirmwareZyxel Atp200 Firmware+20 more
Timeline
PublishedApr 25
KEV addedMay 31
KEV dueJun 21
Latest updateJun 20
CISA Required Action: Apply updates per vendor instructions.

Description

Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an affected device.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages23 packages

CVEListV5zyxel/usg_flex_series_firmware4.60 through 5.35
CVEListV5zyxel/zywall_usg_series_firmware4.60 through 4.73
CVEListV5zyxel/atp_series_firmware4.60 through 5.35
CVEListV5zyxel/vpn_series_firmware4.60 through 5.35
NVDzyxel/usg_flex_50_firmware4.605.36

🔴Vulnerability Details

3
GHSA
GHSA-3xvp-8qg2-x43w: Improper error message handling in Zyxel ZyWALL/USG series firmware versions 42023-04-25
CVEList
CVE-2023-28771: Improper error message handling in Zyxel ZyWALL/USG series firmware versions 42023-04-25
VulnCheck
Zyxel Multiple Firewalls OS Command Injection Vulnerability2023

💥Exploits & PoCs

1
Nuclei
Unauthenticated ZyXEL USG ZTP - Detect

🔍Detection Rules

1
Suricata
ET EXPLOIT Zyxel ZyWALL/USG OS Command Injection (CVE-2023-28771)2025-06-20

📋Vendor Advisories

1
CISA
Zyxel Multiple Firewalls OS Command Injection Vulnerability2023-05-31

🕵️Threat Intelligence

1
Fortinet
DDoS Botnets Target Zyxel Vulnerability CVE-2023-28771 | FortiGuard Labs2023-07-19
CVE-2023-28771 — OS Command Injection in Zyxel | cvebase