CVE-2023-33010
In short
A buffer overflow flaw in Zyxel firewall devices allows attackers to crash the device or take control of it by sending specially crafted data to the ID processing function, without needing to log in first.
Technical detail
CWE-120 buffer overflow in the ID processing function across multiple Zyxel ATP, USG FLEX, USG, and VPN series firmware versions (4.25-5.36 Patch 1) permits unauthenticated remote attackers to trigger denial-of-service or achieve remote code execution via malformed input that overflows memory buffers.
Summary generated and translated by AI from the official description.
A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Zyxel · ATP series firmware
Zyxel · USG20(W)-VPN firmware
Zyxel · USG FLEX 50(W) firmware
Zyxel · USG FLEX series firmware
Zyxel · VPN series firmware
Zyxel · ZyWALL/USG series firmware