CVE-2023-28771: Zyxel Multiple Firewalls OS Command Injection
Zyxel Multiple Firewalls OS Command Injection Vulnerability. Zyxel ATP, USG FLEX, VPN, and ZyWALL/USG firewalls allow for improper error message handling which could allow an unauthenticated attacker to execute OS commands remotely by sending crafted packets to an affected device.
- CISA KEV-listed (remediation due 2023-06-21)
- EPSS 94.3% (100.0% percentile)