CVE-2023-27991
Description
A post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35 could allow an authenticated attacker to execute some OS commands remotely.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Post-authentication command injection in Zyxel firewall CLI (ATP, USG FLEX, VPN) versions up to 5.35 allows authenticated attackers to execute OS commands remotely.
Vulnerability
A post-authentication command injection vulnerability exists in the CLI command of Zyxel ATP (ZLD V4.32~V5.35), USG FLEX (ZLD V4.50~V5.35), USG FLEX 50(W)/USG20(W)-VPN (ZLD V4.16~V5.35), and VPN (ZLD V4.30~V5.35) series firewalls [1]. This allows an authenticated attacker to inject OS commands through the CLI interface [1].
Exploitation
An attacker must be authenticated to the firewall and have network access to the device (WAN access is disabled by default) [1]. The attacker can then execute crafted CLI commands to inject arbitrary OS commands [1].
Impact
Successful exploitation enables the attacker to execute arbitrary OS commands on the affected device, potentially leading to full system compromise [1].
Mitigation
Zyxel has released firmware ZLD V5.36 for all affected series to address this vulnerability [1]. Users are advised to upgrade to the fixed version [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
8
- Range: >=4.16, <=5.35
- >=4.32, <=5.35 (+ 1 more)
  - (no CPE) range: >=4.32, <=5.35
  - (no CPE) range: 4.32 through 5.35
- >=4.50, <=5.35 (+ 1 more)
  - (no CPE) range: >=4.50, <=5.35
  - (no CPE) range: 4.50 through 5.35
- Zyxel/USG20(W)-VPN firmware v5, range: 4.16 through 5.35
- Zyxel/USG FLEX 50(W) firmware v5, range: 4.16 through 5.35
- Range: 4.30 through 5.35