Severity
High
Analysis Summary
CVE-2023-33010 CVSS:9.8
Multiple Zyxel devices are vulnerable to a buffer overflow, caused by improper bounds checking by the ID processing function. By sending a specially crafted request, a remote attacker could overflow a buffer and execute arbitrary code or cause a denial of service condition on the system.
CVE-2023-33009 CVSS:9.8
Multiple Zyxel devices are vulnerable to a buffer overflow, caused by improper bounds checking by the notification function. By sending a specially crafted request, a remote attacker could overflow a buffer and execute arbitrary code or cause a denial of service condition on the system.
Impact
- Buffer Overflow
Indicators Of Compromise
CVE
- CVE-2023-33010
- CVE-2023-33009
Affected Vendors
Zyxel
Affected Products
- Zyxel ATP ZLD 4.32
- Zyxel USG FLEX ZLD 4.50
- Zyxel VPN ZLD 4.30
- Zyxel ATP 5.36 Patch 1
- Zyxel USG FLEX 5.36 Patch 1
- Zyxel USG FLEX 50(W) / USG20(W)-VPN 5.36 Patch 1
- Zyxel USG FLEX 50(W) / USG20(W)-VPN 4.25
- Zyxel VPN 5.36 Patch 1
- Zyxel ZyWALL/USG 4.25
- Zyxel ZyWALL/USG 4.73 Patch 1
Remediation
Refer to Zyxel Web site for patch, upgrade or suggested workaround information.