Published on 23 May 2023 | Updated on 23 May 2023
Zyxel has released security updates to address a critical vulnerability (CVE-2023-28771) affecting their firewall products. The vulnerability has a Common Vulnerability Scoring System (CVSSv3) score of 9.8 out of 10. The proof of concept (PoC) exploit script is reportedly publicly available.
Successful exploitation of the vulnerability could allow an unauthenticated attacker to execute Operating System (OS) commands remotely by sending crafted packets to an affected device.
The vulnerability affects the following product versions:
Users and administrators of affected product versions are advised to update to the latest versions immediately.
More information is available here:
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-remote-command-injection-vulnerability-of-firewalls
https://nvd.nist.gov/vuln/detail/CVE-2023-28771
https://www.helpnetsecurity.com/2023/05/22/cve-2023-28771/