Unrated severity · NVD Advisory · Published Jul 17, 2023 · Updated Nov 7, 2024

CVE-2023-28767

Description

The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware versions 5.10 through 5.36, USG FLEX series firmware versions 5.00 through 5.36, USG FLEX 50(W) series firmware versions 5.10 through 5.36, USG20(W)-VPN series firmware versions 5.10 through 5.36, and VPN series firmware versions 5.00 through 5.36. An unauthenticated, LAN-based attacker could leverage the vulnerability to inject some operating system (OS) commands into the device configuration data on an affected device when the cloud management mode is enabled.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Unauthenticated LAN attacker can inject OS commands via configuration parser in Zyxel firewalls when cloud management mode is enabled.

Vulnerability

The configuration parser in Zyxel ATP series firmware versions 5.10 through 5.36, USG FLEX series firmware versions 5.00 through 5.36, USG FLEX 50(W) series firmware versions 5.10 through 5.36, USG20(W)-VPN series firmware versions 5.10 through 5.36, and VPN series firmware versions 5.00 through 5.36 fails to sanitize user-controlled input. This allows an unauthenticated, LAN-based attacker to inject operating system (OS) commands into the device configuration data when the cloud management mode is enabled [1].

Exploitation

An attacker with LAN access and no authentication can craft malicious configuration data. The attack requires the cloud management mode to be enabled on the affected device. The attacker does not need any prior access or user interaction [1].

Impact

Successful exploitation enables the attacker to execute arbitrary OS commands on the device. This can lead to full compromise of the firewall, including data exfiltration, further network attacks, and persistent control [1].

Mitigation

Zyxel has released firmware patches to address this vulnerability. Users should update to the latest firmware versions as specified in the security advisory [1]. No workaround is documented; disabling cloud management mode may reduce exposure if patching is delayed.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

9
  • Zyxel/VPN series (llm-fuzzy, 2 versions)
    • (no CPE) range: 5.00 to 5.36
    • (no CPE) range: 5.00 through 5.36
  • Zyxel/ATP series (llm-fuzzy, 2 versions)
    • (no CPE) range: 5.10 to 5.36
    • (no CPE) range: 5.10 through 5.36
  • Zyxel/USG FLEX series (llm-fuzzy, 3 versions)
    • (no CPE) range: 5.00 to 5.36
    • (no CPE) range: 5.10 through 5.36
    • (no CPE) range: 5.00 through 5.36
  • Zyxel/USG20(W)-VPN series (llm-fuzzy, 2 versions)
    • (no CPE) range: 5.10 to 5.36
    • (no CPE) range: 5.10 through 5.36

Patches

0

No patches discovered yet.

References

1
