← Back

CVE-2023-33011

nvd nist
Published: Jul 17, 2023Modified: Nov 21, 2024

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: security@zyxel.com.tw (Secondary)

Description

A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versions 5.00 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands by using a crafted PPPoE configuration on an affected device when the cloud management mode is enabled.

Affected (22)

Zyxel
22 products
Usg 2200 Vpn Firmware
Usg Flex 100 Firmware
Usg Flex 100w Firmware
Usg Flex 200 Firmware
Usg Flex 50 Firmware
Usg Flex 500 Firmware
Usg Flex 50w Firmware
Usg Flex 700 Firmware
Zywall Vpn100 Firmware
Zywall Vpn2s Firmware
Zywall Vpn300 Firmware
Zywall Vpn50 Firmware
Zywall Vpn 100 Firmware
Zywall Vpn 300 Firmware
Zywall Vpn 50 Firmware
Usg 20w Vpn Firmware
Zywall Atp100 Firmware
Zywall Atp100w Firmware
Zywall Atp200 Firmware
Zywall Atp500 Firmware
Zywall Atp700 Firmware
Zywall Atp800 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Usg 2200 Vpn Firmware
From 5.00 to 5.37
Running on/withPlatform Versions
Zyxel
Usg 2200 Vpn
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Usg Flex 100 Firmware
From 5.00 to 5.37
Running on/withPlatform Versions
Zyxel
Usg Flex 100
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Usg Flex 100w Firmware
From 5.00 to 5.37
Running on/withPlatform Versions
Zyxel
Usg Flex 100w
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Usg Flex 200 Firmware
From 5.00 to 5.37
Running on/withPlatform Versions
Zyxel
Usg Flex 200
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Usg Flex 50 Firmware
From 5.00 to 5.37
Running on/withPlatform Versions
Zyxel
Usg Flex 50
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Usg Flex 500 Firmware
From 5.00 to 5.37
Running on/withPlatform Versions
Zyxel
Usg Flex 500
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Usg Flex 50w Firmware
From 5.00 to 5.37
Running on/withPlatform Versions
Zyxel
Usg Flex 50w
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Usg Flex 700 Firmware
From 5.00 to 5.37
Running on/withPlatform Versions
Zyxel
Usg Flex 700
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Zywall Vpn100 Firmware
From 5.00 to 5.37
Running on/withPlatform Versions
Zyxel
Zywall Vpn100
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Zywall Vpn2s Firmware
From 5.00 to 5.37
Running on/withPlatform Versions
Zyxel
Zywall Vpn2s
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Zywall Vpn300 Firmware
From 5.00 to 5.37
Running on/withPlatform Versions
Zyxel
Zywall Vpn300
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Zywall Vpn50 Firmware
From 5.00 to 5.37
Running on/withPlatform Versions
Zyxel
Zywall Vpn50
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Zywall Vpn 100 Firmware
From 5.00 to 5.37
Running on/withPlatform Versions
Zyxel
Zywall Vpn 100
All versions
Configuration N
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Zywall Vpn 300 Firmware
From 5.00 to 5.37
Running on/withPlatform Versions
Zyxel
Zywall Vpn 300
All versions
Configuration O
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Zywall Vpn 50 Firmware
From 5.00 to 5.37
Running on/withPlatform Versions
Zyxel
Zywall Vpn 50
All versions
Configuration P
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Usg 20w Vpn Firmware
From 5.10 to 5.37
Running on/withPlatform Versions
Zyxel
Usg 20w Vpn
All versions
Configuration Q
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Zywall Atp100 Firmware
From 5.10 to 5.37
Running on/withPlatform Versions
Zyxel
Zywall Atp100
All versions
Configuration R
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Zywall Atp100w Firmware
From 5.10 to 5.37
Running on/withPlatform Versions
Zyxel
Zywall Atp100w
All versions
Configuration S
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Zywall Atp200 Firmware
From 5.10 to 5.37
Running on/withPlatform Versions
Zyxel
Zywall Atp200
All versions
Configuration T
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Zywall Atp500 Firmware
From 5.10 to 5.37
Running on/withPlatform Versions
Zyxel
Zywall Atp500
All versions
Configuration U
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Zywall Atp700 Firmware
From 5.10 to 5.37
Running on/withPlatform Versions
Zyxel
Zywall Atp700
All versions
Configuration V
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Zywall Atp800 Firmware
From 5.10 to 5.37
Running on/withPlatform Versions
Zyxel
Zywall Atp800
All versions

Related CWEs

CWE-134
Use of Externally-Controlled Format String
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

References (2)

Source: security@zyxel.com.tw
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.