CVE-2023-33010
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD
Description
A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.
Affected (66)
Products: Zyxel: Atp100 Firmware, Atp200 Firmware, Atp500 Firmware, Atp100w Firmware, Atp700 Firmware, Atp800 Firmware, Usg Flex 100 Firmware, Usg Flex 50 Firmware, Usg Flex 200 Firmware, Usg Flex 500 Firmware, Usg Flex 700 Firmware, Usg Flex 100w Firmware, Usg Flex 50w Firmware, Usg 20w Vpn Firmware, Vpn100 Firmware, Vpn50 Firmware, Vpn300 Firmware, Vpn1000 Firmware, Usg20 Vpn Firmware, Usg 40 Firmware, Usg 40w Firmware, Usg 60w Firmware, Usg 60 Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| From 4.32 to 5.36 |
| Running on/with | Platform Versions |
|---|---|
Zyxel Atp100 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| From 4.32 to 5.36 |
| Running on/with | Platform Versions |
|---|---|
Zyxel Atp200 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| From 4.32 to 5.36 |
| Running on/with | Platform Versions |
|---|---|
Zyxel Atp500 | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| From 4.32 to 5.36 |
| Running on/with | Platform Versions |
|---|---|
Zyxel Atp100w | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| From 4.32 to 5.36 |
| Running on/with | Platform Versions |
|---|---|
Zyxel Atp700 | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| From 4.32 to 5.36 |
| Running on/with | Platform Versions |
|---|---|
Zyxel Atp800 | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Version 5.36 |
| Running on/with | Platform Versions |
|---|---|
Zyxel Usg Flex 100 | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Version 5.36 |
| Running on/with | Platform Versions |
|---|---|
Zyxel Usg Flex 50 | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| From 4.50 to 5.36 |
| Running on/with | Platform Versions |
|---|---|
Zyxel Usg Flex 200 | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| From 4.50 to 5.36 |
| Running on/with | Platform Versions |
|---|---|
Zyxel Usg Flex 500 | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| From 4.50 to 5.36 |
| Running on/with | Platform Versions |
|---|---|
Zyxel Usg Flex 700 | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| From 4.50 to 5.36 | |
| Version 5.36 |
| Running on/with | Platform Versions |
|---|---|
Zyxel Usg Flex 100w | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| From 4.25 to 5.36 |
| Running on/with | Platform Versions |
|---|---|
Zyxel Usg Flex 50w | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| Version 5.36 |
| Running on/with | Platform Versions |
|---|---|
Zyxel Usg 20w Vpn | All versions |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| From 4.30 to 5.36 |
| Running on/with | Platform Versions |
|---|---|
Zyxel Vpn100 | All versions |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| From 4.30 to 5.36 |
| Running on/with | Platform Versions |
|---|---|
Zyxel Vpn50 | All versions |
Configuration Q
| Vulnerable Software | Affected Versions |
|---|---|
| From 4.30 to 5.36 |
| Running on/with | Platform Versions |
|---|---|
Zyxel Vpn300 | All versions |
Configuration R
| Vulnerable Software | Affected Versions |
|---|---|
| From 4.30 to 5.36 |
| Running on/with | Platform Versions |
|---|---|
Zyxel Vpn1000 | All versions |
Configuration S
| Vulnerable Software | Affected Versions |
|---|---|
| From 4.30 to 5.36 |
| Running on/with | Platform Versions |
|---|---|
Zyxel Usg20 Vpn | All versions |
Configuration T
| Vulnerable Software | Affected Versions |
|---|---|
| From 4.25 to 4.73 |
| Running on/with | Platform Versions |
|---|---|
Zyxel Usg 40 | All versions |
Configuration U
| Vulnerable Software | Affected Versions |
|---|---|
| From 4.25 to 4.73 |
| Running on/with | Platform Versions |
|---|---|
Zyxel Usg 40w | All versions |
Configuration V
| Vulnerable Software | Affected Versions |
|---|---|
| From 4.25 to 4.73 |
| Running on/with | Platform Versions |
|---|---|
Zyxel Usg 60w | All versions |
Configuration W
| Vulnerable Software | Affected Versions |
|---|---|
| From 4.25 to 4.73 |
| Running on/with | Platform Versions |
|---|---|
Zyxel Usg 60 | All versions |
References (3)
Source: security@zyxel.com.tw
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource
Timeline
No history available yet.