CVE-2023-33009
Zyxel Multiple Firewalls Buffer Overflow Vulnerability
CVSS
—
No CVSS
EPSS
28.1%
p98
KEV
YES
Jun 5, 2023
Exploit Today
79
0-100
Published: — · Last modified: —
Product
Zyxel / Multiple Firewalls
Vulnerability
Zyxel Multiple Firewalls Buffer Overflow Vulnerability
Added to KEV
Jun 5, 2023
Remediate by
Jun 26, 2023
Known ransomware use
No
Summary description
Zyxel ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN, VPN, and ZyWALL/USG firewalls contain a buffer overflow vulnerability in the notification function that could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and remote code execution on an affected device.
Required action
Apply updates per vendor instructions.
Notes
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls; https://nvd.nist.gov/vuln/detail/CVE-2023-33009