CVE-2023-28771

9.8

CVSS
Critical

PUBLISHED

Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG...

Exploited in the wild Remote Low complexity No user interaction

Vendor: Zyxel
Product: ZyWALL/USG series firmware, VPN series firmware, USG FLEX series firmware, ATP series firmware
Published: Apr 25, 2023
EPSS: —

Description

Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an affected device.

cisa edge metasploit

CVSS scores

CVSS v3.1 9.8 Critical

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitation status

Exploited in the wild

Recorded 2023-05-31 00:00:00 UTC · Source

SSVC decision points

Exploitation: active
Automatable: Yes
Technical impact: total

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source	Added
CISA	May 31, 2023

Scanner integrations

Scanner	Reference	Detected
Metasploit	https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/misc/zyxel_ike_decoder_rce_cve_2023_28771.rb	Apr 28, 2025

Potential proof of concepts

These PoCs are unverified and could contain malware. Use at your own risk.

zyxel_ike_decoder_rce_cve_2023_28771

metasploit · Created Unknown

Metasploit module for CVE-2023-28771

benjaminhays/CVE-2023-28771-PoC

github · Created 2023-05-23 02:37:39 UTC · 28 stars

PoC for CVE-2023-28771 based on Rapid7's excellent writeup

Vulnerability detail