CVE-2023-28771CISA KEVEPSS p99.9%

CVE-2023-28771Zyxel Multiple Firewalls OS Command Injection Vulnerability

Zyxel / Multiple Firewalls

Description

Zyxel ATP, USG FLEX, VPN, and ZyWALL/USG firewalls allow for improper error message handling which could allow an unauthenticated attacker to execute OS commands remotely by sending crafted packets to an affected device.

Scoring

EPSS99.28% probability of exploitation · percentile 99.9% · 2026-06-15T12:03:41Z

CISA KEV entry

Added to KEV: 2023-05-31

(incoming)1

TypeTargetConfidenceTier
KEVEntryZyxel Multiple Firewalls OS Command Injection Vulnerabilitykev-cve-2023-287710%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
Zyxel Multiple NAS Devices Command Injection Vulnerability
CVE
Zyxel Multiple Firewalls Buffer Overflow Vulnerability
CVE
Zyxel Multiple NAS Devices OS Command Injection Vulnerability
CVE
Zyxel DSL CPE OS Command Injection Vulnerability
CVE
CVE-2025-8693
CVE
Zyxel Multiple Products Use of Hard-Coded Credentials Vulnerability
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.