Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Critical Vulnerability in Zyxel Firewalls
Alerts

Critical Vulnerability in Zyxel Firewalls

23 May 2023

Zyxel has released security updates to address a critical vulnerability (CVE-2023-28771) affecting their firewall products. The vulnerability has a Common Vulnerability Scoring System (CVSSv3) score of 9.8 out of 10. The proof of concept (PoC) exploit script is reportedly publicly available.

Successful exploitation of the vulnerability could allow an unauthenticated attacker to execute Operating System (OS) commands remotely by sending crafted packets to an affected device.

The vulnerability affects the following product versions:

  • Zyxel ATP, USG FLEX, and VPN firewalls running ZLD v4.60 to v5.35

  • Zyxel ZyWALL, USG gateways/firewalls running ZLD v4.60 to v4.73

Users and administrators of affected product versions are advised to update to the latest versions immediately.

More information is available here:
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-remote-command-injection-vulnerability-of-firewalls
https://nvd.nist.gov/vuln/detail/CVE-2023-28771
https://www.helpnetsecurity.com/2023/05/22/cve-2023-28771/

Back to top