Vulnerability — CVE-2023-28771

CVE-2023-28771

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2023-28771
Description:: Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an affected device.
Last updated date:: 06/09/2023

ACTIVELY EXPLOITED

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 05/31/2023
Reference url to background: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Type:: exploit
Confidence:: HIGH
Date of publishing:: 05/23/2023
Reference url to background: https://github.com/BenHays142/CVE-2023-28771-PoC

Type:: exploit
Confidence:: HIGH
Date of publishing:: 06/03/2023
Reference url to background: https://github.com/WhiteOwl-Pub/PoC-CVE-2023-28771

Type:: exploit
Confidence:: HIGH
Date of publishing:: 06/09/2023
Reference url to background: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/misc/zyxel_ike_decoder_rce_cve_2023_28771.rb

Type:: exploit
Confidence:: HIGH
Date of publishing:: 06/09/2023
Reference url to background: http://packetstormsecurity.com/files/172820/Zyxel-IKE-Packet-Decoder-Unauthenticated-Remote-Code-Execution.html