← Back

CVE-2023-28771

nvd nist
Published: Apr 25, 2023Modified: Oct 27, 2025CISA KEV

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD (Secondary)

Description

Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an affected device.

Affected (21)

Zyxel
19 products
Atp100 Firmware
Atp100w Firmware
Atp200 Firmware
Atp500 Firmware
Atp700 Firmware
Atp800 Firmware
Usg Flex 100 Firmware
Usg Flex 100w Firmware
Usg Flex 200 Firmware
Usg Flex 50 Firmware
Usg Flex 500 Firmware
Usg Flex 50w Firmware
Usg Flex 700 Firmware
Vpn100 Firmware
Vpn1000 Firmware
Vpn300 Firmware
Vpn50 Firmware
Zywall Usg 310 Firmware
Zywall Usg 100 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Atp100 Firmware
From 4.60 to 5.36
Running on/withPlatform Versions
Zyxel
Atp100
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Atp100w Firmware
From 4.60 to 5.35
Running on/withPlatform Versions
Zyxel
Atp100w
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Atp200 Firmware
From 4.60 to 5.36
Running on/withPlatform Versions
Zyxel
Atp200
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Atp500 Firmware
From 4.60 to 5.36
Running on/withPlatform Versions
Zyxel
Atp500
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Atp700 Firmware
From 4.60 to 5.36
Running on/withPlatform Versions
Zyxel
Atp700
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Atp800 Firmware
From 4.60 to 5.36
Running on/withPlatform Versions
Zyxel
Atp800
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Usg Flex 100 Firmware
From 4.60 to 5.36
Running on/withPlatform Versions
Zyxel
Usg Flex 100
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Usg Flex 100w Firmware
From 4.60 to 5.36
Running on/withPlatform Versions
Zyxel
Usg Flex 100w
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Usg Flex 200 Firmware
From 4.60 to 5.36
Running on/withPlatform Versions
Zyxel
Usg Flex 200
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Usg Flex 50 Firmware
From 4.60 to 5.36
Running on/withPlatform Versions
Zyxel
Usg Flex 50
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Usg Flex 500 Firmware
From 4.60 to 5.36
Running on/withPlatform Versions
Zyxel
Usg Flex 500
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Usg Flex 50w Firmware
From 4.60 to 5.36
Running on/withPlatform Versions
Zyxel
Usg Flex 50w
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Usg Flex 700 Firmware
From 4.60 to 5.36
Running on/withPlatform Versions
Zyxel
Usg Flex 700
All versions
Configuration N
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vpn100 Firmware
From 4.60 to 5.36
Running on/withPlatform Versions
Zyxel
Vpn100
All versions
Configuration O
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vpn1000 Firmware
From 4.60 to 5.36
Running on/withPlatform Versions
Zyxel
Vpn1000
All versions
Configuration P
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vpn300 Firmware
From 4.60 to 5.36
Running on/withPlatform Versions
Zyxel
Vpn300
All versions
Configuration Q
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Vpn50 Firmware
From 4.60 to 5.36
Running on/withPlatform Versions
Zyxel
Vpn50
All versions
Configuration R
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Zyxel
Zywall Usg 310 Firmware
From 4.60 to 4.73
Zywall Usg 310 Firmware
Version 4.73
Running on/withPlatform Versions
Zyxel
Zywall Usg 310
All versions
Configuration S
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Zyxel
Zywall Usg 100 Firmware
From 4.60 to 4.73
Zywall Usg 100 Firmware
Version 4.73
Running on/withPlatform Versions
Zyxel
Zywall Usg 100
All versions

Related CWEs

CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (5)

Source: security@zyxel.com.tw
ExploitThird Party Advisory
Source: security@zyxel.com.tw
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource

Timeline

No history available yet.