PatchSiren

PatchSiren cyber security CVE debrief

CVE-2023-28771 Zyxel CVE debrief

CVE-2023-28771 is an OS command injection vulnerability in multiple Zyxel firewalls. CISA added it to the Known Exploited Vulnerabilities (KEV) catalog on 2023-05-31 with a remediation due date of 2023-06-21. The supplied corpus records the issue as known to be exploited and gives "Apply updates per vendor instructions" as the required action. The Zyxel security advisory referenced in the source notes describes the issue as a remote command injection vulnerability affecting firewalls.

Vendor: Zyxel
Product: Multiple Firewalls
CVSS: Unknown
CISA KEV: Listed
Original CVE published: 2023-05-31
Original CVE updated: 2023-05-31
Advisory published: 2023-05-31
Advisory updated: 2023-05-31

Who should care

Security teams responsible for Zyxel firewalls, vulnerability management teams, SOC/incident response staff, and any organization that exposes Zyxel firewall management or related services.

Technical summary

The available source data identifies CVE-2023-28771 as an OS command injection vulnerability in Zyxel Multiple Firewalls. CISA's KEV entry marks it as known exploited, with dateAdded 2023-05-31 and dueDate 2023-06-21. The corpus provides neither a CVSS score nor the affected models and firmware versions, so every Zyxel firewall in the estate should be treated as in scope until it has been checked against the Zyxel advisory, and remediation should follow the vendor's update guidance.

Defensive priority

High. CISA KEV inclusion indicates known exploitation and an urgent need to patch or otherwise mitigate according to the vendor’s instructions.

Recommended defensive actions

  • Apply Zyxel updates or mitigations exactly as described in the vendor security advisory.
  • Inventory all Zyxel firewall assets and check each model and firmware version against the advisory to confirm which systems are affected; do not assume a device is out of scope because the KEV entry names no models.
  • Prioritize internet-reachable firewall instances for immediate remediation, since an exploitable instance exposed to the internet is the most likely target of the exploitation CISA observed.
  • Review administrative and system logs for signs of unauthorized command execution, unexpected configuration changes, or new administrative accounts.
  • Confirm that patching or mitigation was completed on every in-scope device before the CISA KEV due date of 2023-06-21, record the evidence, and continue monitoring for follow-on compromise on devices that were exposed before remediation.
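The inventory, prioritization and due-date checks above can be scripted. The following is an added example, not PatchSiren's, CISA's or Zyxel's code: it loads a KEV record containing exactly the fields quoted in this debrief, triages a constructed and hypothetical asset inventory (hostnames, exposure and patch status are invented for illustration), and reports which devices are still outstanding and whether the KEV due date has passed. Because the KEV entry names no models or versions, the script scopes by vendor only; the remediated flag is meant to be set by the team once the vendor-advised update has been verified on the device.

```python
"""Triage firewall assets against the CISA KEV entry for CVE-2023-28771.

Added example (not PatchSiren, CISA or Zyxel code). The KEV record copies the
fields quoted on this page; the inventory is constructed and hypothetical.
"""
from dataclasses import dataclass
from datetime import date
import json

# KEV fields as quoted in the debrief, wrapped in a constructed JSON document.
KEV_ENTRY_JSON = json.dumps({
    "cveID": "CVE-2023-28771",
    "vendorProject": "Zyxel",
    "product": "Multiple Firewalls",
    "vulnerabilityName": "Zyxel Multiple Firewalls OS Command Injection Vulnerability",
    "dateAdded": "2023-05-31",
    "dueDate": "2023-06-21",
    "requiredAction": "Apply updates per vendor instructions",
})


@dataclass
class Asset:
    hostname: str
    vendor: str
    internet_exposed: bool
    remediated: bool  # True once the vendor-advised update is verified on the device


# Constructed inventory; every value here is hypothetical.
INVENTORY = [
    Asset("fw-branch-01", "Zyxel", internet_exposed=True, remediated=False),
    Asset("fw-dc-core", "Zyxel", internet_exposed=False, remediated=False),
    Asset("fw-lab", "Zyxel", internet_exposed=True, remediated=True),
    Asset("edge-rtr-03", "OtherVendor", internet_exposed=True, remediated=False),
]


def parse_kev_entry(raw):
    """Extract the fields the triage needs from a KEV record (JSON text)."""
    entry = json.loads(raw)
    return {
        "cve": entry["cveID"],
        "vendor": entry["vendorProject"],
        "added": date.fromisoformat(entry["dateAdded"]),
        "due": date.fromisoformat(entry["dueDate"]),
    }


def triage(inventory, kev, today):
    """Return outstanding work items ordered by urgency.

    P1: internet-exposed and not remediated. P2: not exposed, not remediated.
    Remediated devices and other vendors' devices are excluded. Scope is by
    vendor only because the KEV entry lists no affected models or versions.
    """
    items = []
    for asset in inventory:
        if asset.vendor != kev["vendor"] or asset.remediated:
            continue
        items.append({
            "hostname": asset.hostname,
            "priority": 1 if asset.internet_exposed else 2,
            "days_to_due": (kev["due"] - today).days,
            "overdue": today > kev["due"],
        })
    items.sort(key=lambda i: (i["priority"], i["hostname"]))
    return items


def compliance_summary(inventory, kev, today):
    """Counts for a status report: in-scope, remediated, outstanding, overdue."""
    in_scope = [a for a in inventory if a.vendor == kev["vendor"]]
    outstanding = [a for a in in_scope if not a.remediated]
    return {
        "cve": kev["cve"],
        "in_scope": len(in_scope),
        "remediated": len(in_scope) - len(outstanding),
        "outstanding": len(outstanding),
        "overdue": bool(outstanding) and today > kev["due"],
    }


if __name__ == "__main__":
    kev = parse_kev_entry(KEV_ENTRY_JSON)
    today = date(2023, 6, 1)  # fixed date so the run is reproducible
    for item in triage(INVENTORY, kev, today):
        print(f"P{item['priority']} {item['hostname']}: "
              f"{item['days_to_due']} days to KEV due date")
    print(compliance_summary(INVENTORY, kev, today))
```

Run it against a real inventory export by replacing INVENTORY; the due-date arithmetic and the vendor-only scoping are the parts worth keeping, the rest is the shape of the report.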

Evidence notes

This debrief is based only on the supplied CISA KEV entry, the official CVE record link, and the NVD record link referenced in the corpus. The KEV metadata states: vendorProject Zyxel, product Multiple Firewalls, vulnerabilityName 'Zyxel Multiple Firewalls OS Command Injection Vulnerability,' dateAdded 2023-05-31, dueDate 2023-06-21, and requiredAction 'Apply updates per vendor instructions.' The KEV notes also reference Zyxel’s advisory titled 'security advisory for remote command injection vulnerability of firewalls.'

Official resources

Publicly disclosed in the CISA Known Exploited Vulnerabilities catalog on 2023-05-31 (https://www.cisa.gov/known-exploited-vulnerabilities-catalog). The CVE record is at https://www.cve.org/CVERecord?id=CVE-2023-28771 and the NVD entry at https://nvd.nist.gov/vuln/detail/CVE-2023-28771. No exploit code or offensive reproduction details are included here.