TROYANOSYVIRUS
Voltar para CVEs

CVE-2023-33010

CRITICALCISA KEV
9.8

Descricao

A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.

Detalhes CVE

Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado5/24/2023
Ultima modificacao10/27/2025
Fontekev
Avistamentos honeypot0

CISA KEV

FornecedorZyxel
ProdutoMultiple Firewalls
Nome da vulnerabilidadeZyxel Multiple Firewalls Buffer Overflow Vulnerability
Data inclusao KEV2023-06-05
Prazo de remediacao2023-06-26
Uso em ransomwareUnknown

Produtos afetados

zyxel:atp100zyxel:atp100_firmwarezyxel:atp100wzyxel:atp100w_firmwarezyxel:atp200zyxel:atp200_firmwarezyxel:atp500zyxel:atp500_firmwarezyxel:atp700zyxel:atp700_firmwarezyxel:atp800zyxel:atp800_firmwarezyxel:usg20-vpnzyxel:usg20-vpn_firmwarezyxel:usg_20w-vpnzyxel:usg_20w-vpn_firmwarezyxel:usg_40zyxel:usg_40_firmwarezyxel:usg_40wzyxel:usg_40w_firmwarezyxel:usg_60zyxel:usg_60_firmwarezyxel:usg_60wzyxel:usg_60w_firmwarezyxel:usg_flex_100zyxel:usg_flex_100_firmwarezyxel:usg_flex_100wzyxel:usg_flex_100w_firmwarezyxel:usg_flex_200zyxel:usg_flex_200_firmwarezyxel:usg_flex_50zyxel:usg_flex_500zyxel:usg_flex_500_firmwarezyxel:usg_flex_50_firmwarezyxel:usg_flex_50wzyxel:usg_flex_50w_firmwarezyxel:usg_flex_700zyxel:usg_flex_700_firmwarezyxel:vpn100zyxel:vpn1000zyxel:vpn1000_firmwarezyxel:vpn100_firmwarezyxel:vpn300zyxel:vpn300_firmwarezyxel:vpn50zyxel:vpn50_firmware

Fraquezas (CWE)

CWE-120CWE-120

Referencias

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls(security@zyxel.com.tw)
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-33010(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.