Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an affected device.

The remote host is a Zyxel device that is affected by a remote command injection vulnerability. A remote, unauthenticated attacker can exploit this issue, via a specially crafted IKEv2 request, to execute commands on the remote host.

Firmware version of the Zyxel USG, ATP, or VPN is less than 5.36 or the version of Zyxel ZyWall is less than 4.73 Patch 1. This Zyxel device firmware contains improper error message handling logic which could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an affected device.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
176238	Zyxel Command Injection (CVE-2023-28771) (Direct Check)	Nessus	Firewalls	critical
176216	Zyxel USG < 5.36 / ATP < 5.36 / VPN < 5.36 / ZyWALL < 4.73 Patch 1 (RCE) (CVE-2023-28771)	Nessus	Firewalls	critical

Detections

Analytics

CVE-2023-28771

critical

Tenable Plugins

critical

critical