Network equipment manufacturer Zyxel has released fixes for a critical vulnerability in its firewalls. The issue, discovered by TRAPA Security specialists, is tracked as CVE-2023-28771 and is rated 9.8 out of 10 on the CVSS scale. The vulnerability stems from incorrect handling of error messages in some firmware versions of the firewalls and allows an unauthenticated attacker to remotely execute commands by sending specially crafted packets to a vulnerable device.
The affected firewall series include ATP (ZLD V4.60 to V5.35, fixed in ZLD V5.36), USG FLEX (ZLD V4.60 to V5.35, fixed in ZLD V5.36), VPN (ZLD V4.60 to V5.35, fixed in ZLD V5.36) and ZyWALL/USG (ZLD V4.60 to V4.73, fixed in ZLD V4.73 Patch 1). Users are advised to update their firewalls as soon as possible, as unpatched Zyxel devices are often targeted by attackers.
In addition to this issue, Zyxel has fixed another severe command injection vulnerability affecting some versions of the company's firewalls (CVE-2023-27991, CVSS 8.8). The flaw allowed an authenticated attacker to execute some commands remotely and was fixed with the release of ZLD V5.36. The company also released fixes for five less dangerous vulnerabilities affecting a number of firewalls and access points (identifiers from CVE-2023-22913 to CVE-2023-22918). These bugs could lead to code execution and cause a denial of service (DoS).
So far, the vulnerability has not been exploited in attacks.