CVE-2023-28771

Zyxel ATP, USG FLEX, VPN, and ZyWALL/USG firewalls allow for improper error message handling which could allow an unauthenticated attacker to execute OS commands remotely by sending crafted packets to an affected device. Vendor/Product: Zyxel Multiple Firewalls. Added to CISA KEV 2023-05-31; required action: Apply updates per vendor instructions.