A recently fixed command injection vulnerability (CVE-2023-28771) affecting a variety Zyxel firewalls may soon be exploited in the wild, Rapid7 researchers have warned, after publishing a technical analysis and a PoC script that triggers the vulnerability and achieves a reverse root shell. About CVE-2023-28771 CVE-2023-28771 affects: Zyxel APT, USG FLEX, and VPN firewalls running versions v4.60 to v5.35 of the ZDL firmware, and Zyxel ZyWALL/USG gateways/firewalls running ZLD v4.60 to v4.73 These firewall devices monitor … More

The post Vulnerability in Zyxel firewalls may soon be widely exploited (CVE-2023-28771) appeared first on Help Net Security.