Zyxel is warning customers of two critical-severity vulnerabilities in several of its firewall and VPN products. Unpatched, a threat actor could leverage the vulnerability without authentication. Here are the vulnerabilities:
CVE-2023-33009
A buffer overflow vulnerability in the notification function in some firewall versions could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.
CVE-2023-33010
A buffer overflow vulnerability in the ID processing function in some firewall versions could allow an unauthenticated attacker to cause DoS conditions and even a remote code execution on an affected device.
Here’s a list of affected devices:
- Zyxel ATP firmware versions ZLD V4.32 to V5.36 Patch 1 (fixed in ZLD V5.36 Patch 2)
- Zyxel USG FLEX firmware versions ZLD V4.50 to V5.36 Patch 1 (fixed in ZLD V5.36 Patch 2)
- Zyxel USG FLEX50(W) / USG20(W)-VPN firmware versions ZLD V4.25 to V5.36 Patch 1 (fixed in ZLD V5.36 Patch 2)
- Zyxel VPN firmware versions ZLD V4.30 to V5.36 Patch 1 (fixed in ZLD V5.36 Patch 2)
- Zyxel ZyWALL/USG firmware versions ZLD V4.25 to V4.73 Patch 1 (fixed in ZLD V4.73 Patch 2)
Zyxel has released patches for their firewalls. I’d strongly suggest installing them ASAP.
Related
This entry was posted on May 27, 2023 at 2:37 pm and is filed under Commentary with tags ZyXEL. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Zyxel Warns Of Critical Vulnerabilities In Firewall And VPN Devices
Zyxel is warning customers of two critical-severity vulnerabilities in several of its firewall and VPN products. Unpatched, a threat actor could leverage the vulnerability without authentication. Here are the vulnerabilities:
CVE-2023-33009
A buffer overflow vulnerability in the notification function in some firewall versions could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.
CVE-2023-33010
A buffer overflow vulnerability in the ID processing function in some firewall versions could allow an unauthenticated attacker to cause DoS conditions and even a remote code execution on an affected device.
Here’s a list of affected devices:
Zyxel has released patches for their firewalls. I’d strongly suggest installing them ASAP.
Share this:
Like this:
Related
This entry was posted on May 27, 2023 at 2:37 pm and is filed under Commentary with tags ZyXEL. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.