Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2023-33010
HistoryMay 24, 2023 - 1:15 p.m.

CVE-2023-33010

2023-05-2413:15:09
CWE-120
[email protected]
web.nvd.nist.gov
345
In Wild
cve
2023
33010
buffer overflow
zyxel atp
usg
firmware
vulnerability
dos
remote code execution
nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.025 Low

EPSS

Percentile

90.3%

JSON

A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.

Affected configurations

NVD
Node
zyxelatp100_firmwareRange4.325.36
OR
zyxelatp100_firmwareMatch5.36-
OR
zyxelatp100_firmwareMatch5.36patch1
AND
zyxelatp100Match-
Node
zyxelatp200_firmwareRange4.325.36
OR
zyxelatp200_firmwareMatch5.36-
OR
zyxelatp200_firmwareMatch5.36patch1
AND
zyxelatp200Match-
Node
zyxelatp500_firmwareRange4.325.36
OR
zyxelatp500_firmwareMatch5.36-
OR
zyxelatp500_firmwareMatch5.36patch1
AND
zyxelatp500Match-
Node
zyxelatp100w_firmwareRange4.325.36
OR
zyxelatp100w_firmwareMatch5.36-
OR
zyxelatp100w_firmwareMatch5.36patch1
AND
zyxelatp100wMatch-
Node
zyxelatp700_firmwareRange4.325.36
OR
zyxelatp700_firmwareMatch5.36-
OR
zyxelatp700_firmwareMatch5.36patch1
AND
zyxelatp700Match-
Node
zyxelatp800_firmwareRange4.325.36
OR
zyxelatp800_firmwareMatch5.36-
OR
zyxelatp800_firmwareMatch5.36patch1
AND
zyxelatp800Match-
Node
zyxelusg_flex_100_firmwareRange4.505.36
OR
zyxelusg_flex_100_firmwareMatch5.36-
OR
zyxelusg_flex_100_firmwareMatch5.36patch1
AND
zyxelusg_flex_100Match-
Node
zyxelusg_flex_50_firmwareMatch5.36-
OR
zyxelusg_flex_50_firmwareMatch5.36patch1
AND
zyxelusg_flex_50Match-
Node
zyxelusg_flex_200_firmwareRange4.505.36
OR
zyxelusg_flex_200_firmwareMatch5.36-
OR
zyxelusg_flex_200_firmwareMatch5.36patch1
AND
zyxelusg_flex_200Match-
Node
zyxelusg_flex_500_firmwareRange4.505.36
OR
zyxelusg_flex_500_firmwareMatch5.36-
OR
zyxelusg_flex_500_firmwareMatch5.36patch1
AND
zyxelusg_flex_500Match-
Node
zyxelusg_flex_700_firmwareRange4.505.36
OR
zyxelusg_flex_700_firmwareMatch5.36-
OR
zyxelusg_flex_700_firmwareMatch5.36patch1
AND
zyxelusg_flex_700Match-
Node
zyxelusg_flex_100_firmwareRange4.505.36
OR
zyxelusg_flex_100w_firmwareMatch5.36-
OR
zyxelusg_flex_100w_firmwareMatch5.36patch1
AND
zyxelusg_flex_100wMatch-
Node
zyxelusg_flex_50w_firmwareRange4.255.36
OR
zyxelusg_flex_50w_firmwareMatch5.36-
OR
zyxelusg_flex_50w_firmwareMatch5.36patch1
AND
zyxelusg_flex_50wMatch-
Node
zyxelusg_20w-vpn_firmwareMatch5.36-
OR
zyxelusg_20w-vpn_firmwareMatch5.36patch1
AND
zyxelusg_20w-vpnMatch-
Node
zyxelvpn100_firmwareRange4.305.36
OR
zyxelvpn100_firmwareMatch5.36-
OR
zyxelvpn100_firmwareMatch5.36patch1
AND
zyxelvpn100Match-
Node
zyxelvpn50_firmwareRange4.305.36
OR
zyxelvpn50_firmwareMatch5.36-
OR
zyxelvpn50_firmwareMatch5.36patch1
AND
zyxelvpn50Match-
Node
zyxelvpn300_firmwareRange4.305.36
OR
zyxelvpn300_firmwareMatch5.36-
OR
zyxelvpn300_firmwareMatch5.36patch1
AND
zyxelvpn300Match-
Node
zyxelvpn1000_firmwareRange4.305.36
OR
zyxelvpn1000_firmwareMatch5.36-
OR
zyxelvpn1000_firmwareMatch5.36patch1
AND
zyxelvpn1000Match-
Node
zyxelusg20-vpn_firmwareRange4.305.36
OR
zyxelusg20-vpn_firmwareMatch5.36-
OR
zyxelusg20-vpn_firmwareMatch5.36patch1
AND
zyxelusg20-vpnMatch-
Node
zyxelusg_40_firmwareRange4.254.73
OR
zyxelusg_40_firmwareMatch4.73-
OR
zyxelusg_40_firmwareMatch4.73patch1
AND
zyxelusg_40Match-
Node
zyxelusg_40w_firmwareRange4.254.73
OR
zyxelusg_40w_firmwareMatch4.73-
OR
zyxelusg_40w_firmwareMatch4.73patch1
AND
zyxelusg_40wMatch-
Node
zyxelusg_60w_firmwareRange4.254.73
OR
zyxelusg_60w_firmwareMatch4.73-
OR
zyxelusg_60w_firmwareMatch4.73patch1
AND
zyxelusg_60wMatch-
Node
zyxelusg_60_firmwareRange4.254.73
OR
zyxelusg_60_firmwareMatch4.73-
OR
zyxelusg_60_firmwareMatch4.73patch1
AND
zyxelusg_60Match-

CNA Affected

[
  {
    "vendor": "Zyxel",
    "product": "ATP series firmware",
    "versions": [
      {
        "version": "4.32 through 5.36 Patch 1",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Zyxel",
    "product": "USG FLEX series firmware",
    "versions": [
      {
        "version": "4.50 through 5.36 Patch 1",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Zyxel",
    "product": "USG FLEX 50(W) firmware",
    "versions": [
      {
        "version": "4.25 through 5.36 Patch 1",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Zyxel",
    "product": "USG20(W)-VPN firmware",
    "versions": [
      {
        "version": "4.25 through 5.36 Patch 1",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Zyxel",
    "product": "VPN series firmware",
    "versions": [
      {
        "version": "4.30 through 5.36 Patch 1",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Zyxel",
    "product": "ZyWALL/USG series firmware",
    "versions": [
      {
        "version": "4.25 through 4.73 Patch 1",
        "status": "affected"
      }
    ]
  }
]

Related

cvelist 1
cisa_kev 1
attackerkb 1
prion 1
nvd 1
thn 4
nessus 1
malwarebytes 1
rapid7blog 1
cvelist
cvelist
CVE-2023-33010
2023-05-24 00:00:00
cisa_kev
cisa_kev
Zyxel Multiple Firewalls Buffer Overflow Vulnerability
2023-06-05 00:00:00
attackerkb
attackerkb
CVE-2023-33010
2023-05-24 00:00:00
prion
prion
Buffer overflow
2023-05-24 13:15:00
nvd
nvd
CVE-2023-33010
2023-05-24 13:15:09
thn
thn
Russian Hackers Linked to 'Largest Ever Cyber Attack' on Danish Critical Infrastructure
2023-11-16 06:06:00
Zyxel Issues Critical Security Patches for Firewall and VPN Products
2023-05-25 14:43:00
Zyxel Releases Urgent Security Updates for Critical Vulnerability in NAS Devices
2023-06-20 12:12:00
nessus
nessus
Zyxel USG < 4.35 / ATP < 4.35 / VPN < 4.35 / ZyWALL < 4.35 (RCE) (CVE-2020-9054)
2023-05-26 00:00:00
malwarebytes
malwarebytes
Zyxel patches two critical vulnerabilities
2023-05-26 15:00:00
rapid7blog
rapid7blog
Widespread Exploitation of Zyxel Network Devices
2023-05-31 14:11:17

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.025 Low

EPSS

Percentile

90.3%

JSON
Related for CVE-2023-33010
cvelist1cisa_kev1attackerkb1prion1nvd1thn4nessus1malwarebytes1rapid7blog1