CVSS 3.1 Score 8.8 of 10 (high)


Published Jul 17, 2023
Updated: Jul 26, 2023


CVE-2023-28767 is a vulnerability that affects the Zyxel ATP series firmware versions 5.10 through 5.36, USG FLEX series firmware versions 5.00 through 5.36, USG FLEX 50(W) series firmware versions 5.10 through 5.36, USG20(W)-VPN series firmware versions 5.10 through 5.36, and VPN series firmware versions 5.00 through 5.36. This vulnerability allows an unauthenticated attacker on the local area network (LAN) to inject operating system (OS) commands into the device configuration data when cloud management mode is enabled. The potential danger of this vulnerability lies in the ability for an attacker to execute arbitrary commands on affected devices, which can lead to unauthorized access, data breaches, and disruption of services within an organization using these products. Users are advised to update their firmware to versions beyond the vulnerable range to remediate this issue and enhance the security of their systems and networks.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-28767 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options