PT-2023-2841 · Zyxel · ZyWALL/USG, VPN, USG FLEX, ATP
Published 2023-04-24 · Updated 2025-09-22
CVE-2023-28771
CVSS v2.0 base score: 10.0 (Critical)
Base vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73
Zyxel VPN series firmware versions 4.60 through 5.35
Zyxel USG FLEX series firmware versions 4.60 through 5.35
Zyxel ATP series firmware versions 4.60 through 5.35
Description
Improper error message handling in the IKE packet decoder of the affected firmware allows an unauthenticated attacker to execute OS commands on the device by sending a crafted IKEv2 packet to UDP port 500: attacker-controlled data from the packet is placed into an error message that reaches an OS command without being neutralized. No credentials, user interaction or existing VPN configuration is needed, only network reachability of UDP/500, so firewalls whose WAN-facing IKE service is exposed to the internet are directly at risk. The flaw has been exploited in the wild: several Mirai-based DDoS botnets added it to their scanners shortly after the advisory, and it was used in the May 2023 attacks on Danish energy-sector operators documented by SektorCERT. Zyxel firewalls are widely deployed at small and medium organizations, which is why the exposed population, though not counted here, is large.
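As an added example (not code from this entry, from Zyxel, or from any of the exploits referenced below), the following Python walks the IKEv2 payload chain of a UDP/500 datagram and flags text-bearing payloads whose data contains shell metacharacters, which is the traffic pattern an injection through an IKE error message leaves in a packet capture. The header layout follows RFC 7296; the two sample datagrams are constructed, and the Notify payload in the second one illustrates the injection pattern only, not the byte layout of any published exploit. It inspects only the cleartext IKE_SA_INIT exchange; payloads inside an encrypted SK payload of IKE_AUTH cannot be inspected this way.

```python
import struct

# IKEv2 fixed header (RFC 7296, 3.1): SPIi, SPIr, next payload, version,
# exchange type, flags, message ID, total length.  Generic payload header
# (3.2): next payload, critical bit/reserved, length including the header.
IKE_HDR = struct.Struct("!8s8sBBBBII")
PAYLOAD_HDR = struct.Struct("!BBH")

IKE_SA_INIT = 34
SA, KE, ID_I, ID_R, NONCE, NOTIFY, VENDOR_ID = 33, 34, 35, 36, 40, 41, 43
# Payload types that carry data an implementation might log or format as text.
# Nonces, KE material and SA proposals are binary and would false-positive.
TEXT_PAYLOADS = {ID_I, ID_R, NOTIFY, VENDOR_ID}
# Bytes that give a string meaning to a shell beyond a single argument.
SHELL_META = frozenset(b"$`;|&(){}<>\n\r")


def parse_ikev2(dgram):
    """Return (exchange_type, [(payload_type, body), ...]) for one datagram.

    Raises ValueError for anything that is not a well-formed IKEv2 message,
    so malformed probes are reported rather than silently skipped.
    """
    if len(dgram) < IKE_HDR.size:
        raise ValueError("shorter than an IKE header")
    _, _, nxt, ver, exch, _, _, length = IKE_HDR.unpack_from(dgram)
    if ver >> 4 != 2:
        raise ValueError("not IKEv2 (major version %d)" % (ver >> 4))
    if length != len(dgram):
        raise ValueError("header length %d != datagram length %d" % (length, len(dgram)))
    payloads, off = [], IKE_HDR.size
    while nxt != 0:
        if off + PAYLOAD_HDR.size > len(dgram):
            raise ValueError("truncated payload header at offset %d" % off)
        nxt_next, _, plen = PAYLOAD_HDR.unpack_from(dgram, off)
        if plen < PAYLOAD_HDR.size or off + plen > len(dgram):
            raise ValueError("bad payload length %d at offset %d" % (plen, off))
        payloads.append((nxt, dgram[off + PAYLOAD_HDR.size:off + plen]))
        nxt, off = nxt_next, off + plen
    if off != len(dgram):
        raise ValueError("%d trailing bytes after the last payload" % (len(dgram) - off))
    return exch, payloads


def is_well_formed(dgram):
    try:
        parse_ikev2(dgram)
        return True
    except ValueError:
        return False


def notify_data(body):
    """Skip the Notify payload's fixed fields (proto ID, SPI size, type, SPI)."""
    if len(body) < 4:
        return body
    return body[4 + body[1]:]


def suspicious_payloads(dgram):
    """[(payload_type, metacharacters, data)] for payloads that look like injection."""
    hits = []
    _, payloads = parse_ikev2(dgram)
    for ptype, body in payloads:
        if ptype not in TEXT_PAYLOADS:
            continue
        data = notify_data(body) if ptype == NOTIFY else body
        meta = "".join(sorted(chr(b) for b in set(data) if b in SHELL_META))
        if meta:
            hits.append((ptype, meta, data))
    return hits


def build_ikev2(exch, payloads):
    """Assemble a datagram from [(payload_type, body), ...]; used for the samples below."""
    chain = b""
    for i, (_, body) in enumerate(payloads):
        nxt = payloads[i + 1][0] if i + 1 < len(payloads) else 0
        chain += PAYLOAD_HDR.pack(nxt, 0, PAYLOAD_HDR.size + len(body)) + body
    first = payloads[0][0] if payloads else 0
    hdr = IKE_HDR.pack(b"\x01" * 8, b"\x00" * 8, first, 0x20, exch, 0x08, 0,
                       IKE_HDR.size + len(chain))
    return hdr + chain


# Constructed sample 1: an ordinary IKE_SA_INIT request with dummy SA/KE/nonce bodies.
BENIGN = build_ikev2(IKE_SA_INIT, [
    (SA, b"\x00\x00\x00\x0c\x01\x01\x00\x00\x00\x00\x00\x00"),
    (KE, b"\x00\x0e\x00\x00" + b"\x42" * 32),
    (NONCE, b"\x11" * 16),
])
# Constructed sample 2: the same exchange plus a Notify payload (protocol 0, no SPI,
# an arbitrarily chosen notify type) whose data is a shell command substitution.
# This illustrates the injection pattern only; it is not any published exploit's layout.
INJECT = build_ikev2(IKE_SA_INIT, [
    (SA, b"\x00\x00\x00\x0c\x01\x01\x00\x00\x00\x00\x00\x00"),
    (NONCE, b"\x11" * 16),
    (NOTIFY, b"\x00\x00" + struct.pack("!H", 14) + b"$(id)"),
])

if __name__ == "__main__":
    for name, pkt in (("benign", BENIGN), ("inject", INJECT)):
        print(name, suspicious_payloads(pkt))
```

Run over a capture, this is a hunting heuristic rather than a signature: any IKE peer sending metacharacters in an ID or Notify payload deserves a look, whatever the target firmware. A malformed datagram is surfaced as a ValueError on purpose, since probes that break the decoder are themselves worth logging.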
Recommendations
Zyxel ZyWALL/USG series: update to ZLD V4.73 Patch 1 or later.
Zyxel VPN series: update to ZLD V5.36 or later.
Zyxel USG FLEX series: update to ZLD V5.36 or later.
Zyxel ATP series: update to ZLD V5.36 or later.
Note that 4.73 itself is affected; only 4.73 Patch 1 and later carry the fix for the ZyWALL/USG line, and downgrading below 4.60 is not a remediation. If patching must wait, restrict UDP port 500 (IKE) on the WAN interface to the addresses of known IPsec peers. Blocking the port outright breaks site-to-site and client IPsec VPNs, and because the vulnerable code runs before any authentication, an allow-list of peer addresses is the measure that actually reduces exposure. Since the flaw is exploited by botnets, treat devices that were reachable on UDP/500 while unpatched as possibly compromised and review them rather than only updating them.
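As an added example (not from this entry or from Zyxel), the following Python triages a fleet inventory against the version ranges on this page and the first fixed releases from the Zyxel advisory (ZLD V4.73 Patch 1 for ZyWALL/USG, ZLD V5.36 for VPN, USG FLEX and ATP). It assumes Zyxel's "V4.73(ABCD.1)" string format, where the digit after the model code is the patch level and a bare "4.73" is patch 0; the model codes and hostnames in the sample inventory are constructed. The point it handles that the range text alone does not is the 4.73 versus 4.73 Patch 1 boundary.

```python
import re

# Assumed ZLD version string format: "V4.73(ABCD.1)" = 4.73 with patch level 1
# for model code ABCD; "4.73" alone is treated as patch level 0.
ZLD_RE = re.compile(r"^\s*V?(\d+)\.(\d+)(?:\(([A-Z0-9]+)\.(\d+)\))?", re.I)

AFFECTED_FROM = (4, 60, 0)         # first affected release listed on the page
FIRST_FIXED = {                    # first fixed release per the Zyxel advisory
    "ZyWALL/USG": (4, 73, 1),      # ZLD V4.73 Patch 1
    "VPN": (5, 36, 0),             # ZLD V5.36
    "USG FLEX": (5, 36, 0),
    "ATP": (5, 36, 0),
}


def parse_zld(version):
    """'V4.73(ABCD.1)' -> (4, 73, 1); raises ValueError on anything else."""
    m = ZLD_RE.match(version)
    if not m:
        raise ValueError("unrecognised ZLD version string: %r" % version)
    major, minor, _model, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def fmt_zld(v):
    return "V%d.%d" % v[:2] + (" Patch %d" % v[2] if v[2] else "")


def is_vulnerable(series, version):
    """True when the firmware lies in [4.60, first fixed release) for its series."""
    if series not in FIRST_FIXED:
        raise KeyError("series %r is not covered by this advisory" % series)
    v = parse_zld(version)
    # Releases below 4.60 are outside the page's range; that says nothing about
    # their support status, so they are reported as 'ok' only for this CVE.
    return AFFECTED_FROM <= v < FIRST_FIXED[series]


def triage(inventory):
    """{hostname: status} for a list of (hostname, series, version_string)."""
    result = {}
    for host, series, version in inventory:
        try:
            vuln = is_vulnerable(series, version)
        except (KeyError, ValueError) as err:
            result[host] = "review: " + str(err)   # unknown series or unparsable string
            continue
        result[host] = "patch to " + fmt_zld(FIRST_FIXED[series]) if vuln else "ok"
    return result


# Constructed sample inventory; hostnames and model codes are not real devices.
INVENTORY = [
    ("fw-hq", "USG FLEX", "V5.35(ABCD.0)"),
    ("fw-branch", "ZyWALL/USG", "V4.73(ABCD.0)"),   # 4.73 without Patch 1: still affected
    ("fw-branch2", "ZyWALL/USG", "V4.73(ABCD.1)"),  # 4.73 Patch 1: fixed
    ("fw-dc", "ATP", "V5.36(ABCD.0)"),
    ("fw-old", "VPN", "V4.50(ABCD.2)"),             # below the affected range
    ("fw-lab", "ZyWALL/USG", "5.x-beta"),           # cannot be parsed, needs a human
]

if __name__ == "__main__":
    for host, status in sorted(triage(INVENTORY).items()):
        print("%-11s %s" % (host, status))
```

Unparsable strings and unknown series are reported for review instead of being counted as safe, which is the failure mode that matters in a triage script.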
Tags: Exploit · Fix · RCE · OS Command Injection
Weakness Enumeration
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Related Identifiers
BDU:2023-02782
CVE-2023-28771
Affected Products
ATP
USG FLEX
VPN
ZyWALL/USG
References · 72
- https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/misc/zyxel_ike_decoder_rce_cve_2023_28771.rb · Exploit
- https://github.com/benjaminhays/CVE-2023-28771-PoC · Exploit
- https://github.com/BenHays142/CVE-2023-28771-PoC · Exploit
- https://github.com/fed-speak/CVE-2023-28771-PoC · Exploit
- https://github.com/WhiteOwl-Pub/PoC-CVE-2023-28771 · Exploit (repository deleted)
- http://packetstormsecurity.com/files/172820/Zyxel-IKE-Packet-Decoder-Unauthenticated-Remote-Code-Execution.html · Exploit
- https://github.com/WhiteOwl-Pub/Zyxel-PoC-CVE-2023-28771 · Exploit (repository deleted)
- https://bdu.fstec.ru/vul/2023-02782 · Security Note
- https://nvd.nist.gov/vuln/detail/CVE-2023-28771 · Security Note
- https://zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-remote-command-injection-vulnerability-of-firewalls · Security Note, Vendor Advisory
- https://twitter.com/ZoomZoomZero/status/1825915955601461746 · Twitter Post
- https://t.me/thehackernews/3628 · Telegram Post
- https://t.me/pentestingnews/35517 · Telegram Post
- https://twitter.com/transilienceai/status/1935121016079991126 · Twitter Post
- https://twitter.com/LiviuCMunteanu/status/1749311489331044821 · Twitter Post