This indicates an attack attempt to exploit an OS Command Injection vulnerability in multiple Zyxel firmware versions.
The vulnerability is due to insufficient sanitizing of user-supplied input in the affected application. A remote attacker may be able to exploit this to execute arbitrary OS commands within the security context of the device.
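The class of flaw described above, as an added illustration that is not Zyxel's code and does not reproduce the specific bug this signature detects: a hypothetical firmware diagnostic that pings a user-supplied host, first written the way command injection arises (the string is spliced into a shell command line and handed to system()), then hardened with an allowlist check and a direct execvp() call so no shell ever parses the input. The function and variable names and the sample input are assumptions for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical device diagnostic: "ping this host" driven by a user-supplied
 * string. Names and layout are assumptions for illustration only; this is
 * not vendor code. */

/* VULNERABLE: the untrusted string is spliced into a shell command line, so
 * shell metacharacters (; | & $( ) `) inside `host` become extra commands as
 * soon as the line reaches /bin/sh via system(). Returns 0 on success. */
int build_ping_cmd_vulnerable(const char *host, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "ping -c 1 %s", host);
    return (n >= 0 && (size_t)n < outlen) ? 0 : -1;
}

int run_ping_vulnerable(const char *host)
{
    char cmd[512];
    if (build_ping_cmd_vulnerable(host, cmd, sizeof cmd) != 0)
        return -1;
    return system(cmd);   /* equivalent to: sh -c "ping -c 1 <host>" */
}

/* Allowlist check: hostname characters only, bounded length, and no leading
 * '-' (ping would read that as an option even when no shell is involved).
 * Returns 1 if the value is acceptable, 0 otherwise. */
int is_safe_hostname(const char *host)
{
    size_t len = strlen(host);
    if (len == 0 || len > 253 || host[0] == '-')
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)host[i];
        if (!isalnum(c) && c != '.' && c != '-')
            return 0;
    }
    return 1;
}

/* Run a program directly from an argv vector. No shell is involved, so the
 * host string is always exactly one argument. Returns the child's exit
 * status, or -1 on failure. */
int run_argv(char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execvp(argv[0], argv);
        _exit(127);                      /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* HARDENED: reject anything outside the allowlist, then exec without a shell. */
int run_ping_hardened(const char *host)
{
    if (!is_safe_hostname(host))
        return -1;
    char *argv[] = { "ping", "-c", "1", (char *)host, NULL };
    return run_argv(argv);
}

int main(void)
{
    /* Constructed input: a valid address followed by an injected command. */
    const char *evil = "127.0.0.1; id";
    char cmd[512];

    build_ping_cmd_vulnerable(evil, cmd, sizeof cmd);
    printf("vulnerable path would hand this to sh -c: %s\n", cmd);
    printf("allowlist accepts it: %s\n", is_safe_hostname(evil) ? "yes" : "no");
    printf("hardened path returns: %d\n", run_ping_hardened(evil));
    return 0;
}
```

The important design point is that sanitizing alone is not the fix: the hardened path both validates against an allowlist and removes the shell from the call chain, so a future gap in the allowlist cannot turn back into command execution. The leading '-' rejection covers the residual argument-injection risk that remains after the shell is gone.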

Outbreak Alert

Multiple critical vulnerabilities affecting various Zyxel devices have been observed being exploited in the wild. Attackers have been seen deploying Mirai-like botnets that induce denial-of-service conditions. One of the vulnerabilities, CVE-2023-28771, allows unauthenticated attackers to execute OS commands remotely and has a publicly available proof of concept (PoC).

View the full Outbreak Alert Report

Affected Products

Zyxel ZyWALL/USG ZLD version 4.60 to 4.73
Zyxel ATP ZLD version 4.60 to 5.35
Zyxel USG FLEX ZLD version 4.60 to 5.35
Zyxel VPN ZLD version 4.60 to 5.35

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Telemetry (chart not reproduced in this extract)

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date         Version   Detail
2023-07-18   25.604    Sig Added
2023-07-18   25.603    Sig Added
2023-07-18   25.602    Sig Added
2023-06-12   24.574    Default action changed: pass -> drop
2023-06-06   23.571