Researchers have discovered a critical remote code execution vulnerability, tracked as CVE-2023-28771 with a CVSS score 9.8 impacting Zyxel Firewall.
The vulnerability is an improper error message handling in Zyxel in below
- ZyWALL/USG series firmware versions 4.60 through 4.73
- VPN series firmware versions 4.60 through 5.35
- USG FLEX series firmware versions 4.60 through 5.35
- ATP series firmware versions 4.60 through 5.35.
A remote, unauthenticated attacker can trigger the flaw by sending specially crafted packets to a vulnerable device and executing some OS commands remotely.
Zyxel also fixed a high-severity post-authentication command injection issue tracked as CVE-2023-27991, with a CVSS score: 8.8, affecting some specific firewall versions. The vulnerability resides in the CLI command of below
- Zyxel ATP series firmware versions 4.32 through 5.35
- USG FLEX series firmware versions 4.50 through 5.35
- USG FLEX 50(W) firmware versions 4.16 through 5.35
- USG20(W)-VPN firmware versions 4.16 through 5.35
- VPN series firmware versions 4.30 through 5.35
The vulnerability can be exploited by a remote, authenticated attacker to execute some OS commands.
The last vulnerability addressed is an XSS vulnerability, tracked as CVE-2023-27990, that affects some firewall versions. A successful XSS attack could then result in the stored malicious scripts being executed when the user visits the Logs page of the GUI on the device.
Zyxel has released security patches to address the vulnerability and urges customers to install them.
For More info : link