SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Zyxel Patches Remote Code Execution Bug in Firewall Products

Taiwanese networking vendor Zyxel confirms security flaws in firewall and access points put users at risk of remote code execution attacks.

Taiwanese networking device maker Zyxel has rolled out patches for multiple defects in its firewall and access point products alongside warnings that unpatched systems are at risk of remote code execution attacks.

Zyxel, a company that has struggled with software security problems, documented at least four vulnerabilities that expose businesses to code execution, command injection and denial-of-service exploitation.

Basic details from Zyxel’s advisory:

CVE-2023-6397 — A null pointer dereference vulnerability in some firewall versions could allow a LAN-based attacker to cause denial-of-service (DoS) conditions by downloading a crafted RAR compressed file onto a LAN-side host if the firewall has the “Anti-Malware” feature enabled.

CVE-2023-6398 — A post-authentication command injection vulnerability in the file upload binary in some firewall and AP versions could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device via FTP.

CVE-2023-6399 — A format string vulnerability in some firewall versions could allow an authenticated IPSec VPN user to cause DoS conditions against the “deviceid” daemon by sending a crafted hostname to an affected device if it has the “Device Insight” feature enabled.

Advertisement. Scroll to continue reading.

CVE-2023-6764 — A format string vulnerability in a function of the IPSec VPN feature in some firewall versions could allow an attacker to achieve unauthorized remote code execution by sending a sequence of specially crafted payloads containing an invalid pointer; however, such an attack would require detailed knowledge of an affected device’s memory layout and configuration.

Zyxel released patches and hotfixes for multiple firewall and access point products and urged users to apply mitigations with urgency.

Security problems in Zyxel products feature prominents in the CISA KEV (Known Exploited Vulnerabilities) catalog and the company has acknowledged its devices have been commandeered for use in multiple DDoS-capable botnets.

Related: Major Security Flaws in Zyxel Firewalls, NAS Devices

Related: Zyxel: Patch Firewalls Against Exploited Vulnerabilities

Related: Multiple DDoS Botnets Exploiting Recent Zyxel Vulnerability

Related: Zyxel Warns Customers of Attacks on Security Appliances

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.

More from

Latest News

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Webinar: Third-Party Risk in Practice
June 4, 2026

Organizations are investing heavily in third-party risk management, but breaches, delays, and blind spots continue to persist. Join this live webinar as we examine the gap between how organizations think their third-party risk programs are performing and what’s actually happening in practice.

Register

Virtual Event: Threat Detection and Incident Response Summit
May 20, 2026

Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization.

Register

People on the Move

Silvio Pappalardo has joined AuthMind as Chief Revenue Officer.

iCOUNTER has appointed Lisa Hayashi as CMO and Bob Kalchthaler as CFO.

Thomas Bain has been appointed Chief Marketing Officer at Silent Push.

More People On The Move

Expert Insights

Popular Topics

Security Community

Stay Intouch

About SecurityWeek

News Tips

Got a confidential news tip? We want to hear from you.

Submit Tip

Advertising

Reach a large audience of enterprise cybersecurity professionals

Contact Us

Daily Briefing Newsletter

Subscribe to the SecurityWeek Daily Briefing and get the latest content delivered to your inbox.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.