Input Validation Flaw in Zyxel Firewall Firmware
CVE-2023-28767

8.8HIGH

Key Information:

Vendor: Zyxel
Status: Atp Series Firmware; Usg Flex Series Firmware; Usg Flex 50(w) Series Firmware; Usg20(w)-vpn Series Firmware
Vendor: CVE Published:; 17 July 2023

What is CVE-2023-28767?

A vulnerability exists in the configuration parser of Zyxel's firewall firmware that fails to adequately sanitize user-controlled input. This issue affects multiple firmware versions across the Zyxel ATP and USG FLEX series. An unauthenticated attacker on the local network could exploit this weakness when cloud management mode is enabled, allowing for the injection of operating system commands into the device’s configuration data, potentially compromising device integrity and security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

ATP series firmware 5.10 through 5.36

USG FLEX 50(W) series firmware 5.10 through 5.36

USG FLEX series firmware 5.00 through 5.36

References

https://www.zyxel.com/global/en/support/security-advisori...

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 17, 2023
Vulnerability Reserved
Mar 23, 2023

JSON

Zyxel

What is CVE-2023-28767?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.