First published: Wed May 24 2023(Updated: )
A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.
Credit: security@zyxel.com.tw security@zyxel.com.tw
Affected Software | Affected Version | How to fix |
---|---|---|
Zyxel Multiple Network-Attached Storage (NAS) Devices | >=4.32<5.36 | |
Zyxel Multiple Network-Attached Storage (NAS) Devices | =5.36 | |
Zyxel Multiple Network-Attached Storage (NAS) Devices | =5.36-patch1 | |
Zyxel Multiple Network-Attached Storage (NAS) Devices | ||
Zyxel Atp200 Firmware | >=4.32<5.36 | |
Zyxel Atp200 Firmware | =5.36 | |
Zyxel Atp200 Firmware | =5.36-patch1 | |
Zyxel ATP200 | ||
Zyxel Atp500 Firmware | >=4.32<5.36 | |
Zyxel Atp500 Firmware | =5.36 | |
Zyxel Atp500 Firmware | =5.36-patch1 | |
Zyxel Atp500 | ||
Zyxel Atp100w Firmware | >=4.32<5.36 | |
Zyxel Atp100w Firmware | =5.36 | |
Zyxel Atp100w Firmware | =5.36-patch1 | |
Zyxel Atp100w | ||
Zyxel Atp700 Firmware | >=4.32<5.36 | |
Zyxel Atp700 Firmware | =5.36 | |
Zyxel Atp700 Firmware | =5.36-patch1 | |
Zyxel Atp700 | ||
Zyxel Atp800 Firmware | >=4.32<5.36 | |
Zyxel Atp800 Firmware | =5.36 | |
Zyxel Atp800 Firmware | =5.36-patch1 | |
Zyxel Atp800 | ||
Zyxel Usg Flex 100 Firmware | >=4.50<5.36 | |
Zyxel Usg Flex 100 Firmware | =5.36 | |
Zyxel Usg Flex 100 Firmware | =5.36-patch1 | |
Zyxel Usg Flex 100 | ||
Zyxel Usg Flex 50 Firmware | =5.36 | |
Zyxel Usg Flex 50 Firmware | =5.36-patch1 | |
Zyxel Usg Flex 50 | ||
Zyxel Usg Flex 200 Firmware | >=4.50<5.36 | |
Zyxel Usg Flex 200 Firmware | =5.36 | |
Zyxel Usg Flex 200 Firmware | =5.36-patch1 | |
Zyxel Usg Flex 200 | ||
Zyxel Usg Flex 500 Firmware | >=4.50<5.36 | |
Zyxel Usg Flex 500 Firmware | =5.36 | |
Zyxel Usg Flex 500 Firmware | =5.36-patch1 | |
Zyxel Usg Flex 500 | ||
Zyxel Usg Flex 700 Firmware | >=4.50<5.36 | |
Zyxel Usg Flex 700 Firmware | =5.36 | |
Zyxel Usg Flex 700 Firmware | =5.36-patch1 | |
Zyxel Usg Flex 700 | ||
Zyxel Usg Flex 100w Firmware | =5.36 | |
Zyxel Usg Flex 100w Firmware | =5.36-patch1 | |
Zyxel Usg Flex 100w | ||
Zyxel Usg Flex 50w Firmware | >=4.25<5.36 | |
Zyxel Usg Flex 50w Firmware | =5.36 | |
Zyxel Usg Flex 50w Firmware | =5.36-patch1 | |
Zyxel Usg Flex 50w | ||
Zyxel Usg 20w-vpn Firmware | =5.36 | |
Zyxel Usg 20w-vpn Firmware | =5.36-patch1 | |
Zyxel Usg 20w-vpn | ||
Zyxel Vpn100 Firmware | >=4.30<5.36 | |
Zyxel Vpn100 Firmware | =5.36 | |
Zyxel Vpn100 Firmware | =5.36-patch1 | |
Zyxel Vpn100 | ||
Zyxel Vpn50 Firmware | >=4.30<5.36 | |
Zyxel Vpn50 Firmware | =5.36 | |
Zyxel Vpn50 Firmware | =5.36-patch1 | |
Zyxel Vpn50 | ||
Zyxel Vpn300 Firmware | >=4.30<5.36 | |
Zyxel Vpn300 Firmware | =5.36 | |
Zyxel Vpn300 Firmware | =5.36-patch1 | |
Zyxel Vpn300 | ||
Zyxel Multiple Network-Attached Storage (NAS) Devices | >=4.30<5.36 | |
Zyxel Multiple Network-Attached Storage (NAS) Devices | =5.36 | |
Zyxel Multiple Network-Attached Storage (NAS) Devices | =5.36-patch1 | |
Zyxel Multiple Network-Attached Storage (NAS) Devices | ||
Zyxel Usg20-vpn Firmware | >=4.30<5.36 | |
Zyxel Usg20-vpn Firmware | =5.36 | |
Zyxel Usg20-vpn Firmware | =5.36-patch1 | |
Zyxel Usg20-vpn | ||
Zyxel Usg 40 Firmware | >=4.25<4.73 | |
Zyxel Usg 40 Firmware | =4.73 | |
Zyxel Usg 40 Firmware | =4.73-patch1 | |
Zyxel Usg 40 | ||
Zyxel Usg 40w Firmware | >=4.25<4.73 | |
Zyxel Usg 40w Firmware | =4.73 | |
Zyxel Usg 40w Firmware | =4.73-patch1 | |
Zyxel Usg 40w | ||
Zyxel Usg 60w Firmware | >=4.25<4.73 | |
Zyxel Usg 60w Firmware | =4.73 | |
Zyxel Usg 60w Firmware | =4.73-patch1 | |
Zyxel Usg 60w | ||
Zyxel Usg 60 Firmware | >=4.25<4.73 | |
Zyxel Usg 60 Firmware | =4.73 | |
Zyxel Usg 60 Firmware | =4.73-patch1 | |
Zyxel Usg 60 | ||
Zyxel Multiple Firewalls | ||
All of | ||
Any of | ||
Zyxel Atp100 Firmware | >=4.32<5.36 | |
Zyxel Atp100 Firmware | =5.36 | |
Zyxel Atp100 Firmware | =5.36-patch1 | |
Zyxel Atp100 | ||
All of | ||
Any of | ||
Zyxel Atp200 Firmware | >=4.32<5.36 | |
Zyxel Atp200 Firmware | =5.36 | |
Zyxel Atp200 Firmware | =5.36-patch1 | |
Zyxel ATP200 | ||
All of | ||
Any of | ||
Zyxel Atp500 Firmware | >=4.32<5.36 | |
Zyxel Atp500 Firmware | =5.36 | |
Zyxel Atp500 Firmware | =5.36-patch1 | |
Zyxel Atp500 | ||
All of | ||
Any of | ||
Zyxel Atp100w Firmware | >=4.32<5.36 | |
Zyxel Atp100w Firmware | =5.36 | |
Zyxel Atp100w Firmware | =5.36-patch1 | |
Zyxel Atp100w | ||
All of | ||
Any of | ||
Zyxel Atp700 Firmware | >=4.32<5.36 | |
Zyxel Atp700 Firmware | =5.36 | |
Zyxel Atp700 Firmware | =5.36-patch1 | |
Zyxel Atp700 | ||
All of | ||
Any of | ||
Zyxel Atp800 Firmware | >=4.32<5.36 | |
Zyxel Atp800 Firmware | =5.36 | |
Zyxel Atp800 Firmware | =5.36-patch1 | |
Zyxel Atp800 | ||
All of | ||
Any of | ||
Zyxel Usg Flex 100 Firmware | >=4.50<5.36 | |
Zyxel Usg Flex 100 Firmware | =5.36 | |
Zyxel Usg Flex 100 Firmware | =5.36-patch1 | |
Zyxel Usg Flex 100 | ||
All of | ||
Any of | ||
Zyxel Usg Flex 50 Firmware | =5.36 | |
Zyxel Usg Flex 50 Firmware | =5.36-patch1 | |
Zyxel Usg Flex 50 | ||
All of | ||
Any of | ||
Zyxel Usg Flex 200 Firmware | >=4.50<5.36 | |
Zyxel Usg Flex 200 Firmware | =5.36 | |
Zyxel Usg Flex 200 Firmware | =5.36-patch1 | |
Zyxel Usg Flex 200 | ||
All of | ||
Any of | ||
Zyxel Usg Flex 500 Firmware | >=4.50<5.36 | |
Zyxel Usg Flex 500 Firmware | =5.36 | |
Zyxel Usg Flex 500 Firmware | =5.36-patch1 | |
Zyxel Usg Flex 500 | ||
All of | ||
Any of | ||
Zyxel Usg Flex 700 Firmware | >=4.50<5.36 | |
Zyxel Usg Flex 700 Firmware | =5.36 | |
Zyxel Usg Flex 700 Firmware | =5.36-patch1 | |
Zyxel Usg Flex 700 | ||
All of | ||
Any of | ||
Zyxel Usg Flex 100 Firmware | >=4.50<5.36 | |
Zyxel Usg Flex 100w Firmware | =5.36 | |
Zyxel Usg Flex 100w Firmware | =5.36-patch1 | |
Zyxel Usg Flex 100w | ||
All of | ||
Any of | ||
Zyxel Usg Flex 50w Firmware | >=4.25<5.36 | |
Zyxel Usg Flex 50w Firmware | =5.36 | |
Zyxel Usg Flex 50w Firmware | =5.36-patch1 | |
Zyxel Usg Flex 50w | ||
All of | ||
Any of | ||
Zyxel Usg 20w-vpn Firmware | =5.36 | |
Zyxel Usg 20w-vpn Firmware | =5.36-patch1 | |
Zyxel Usg 20w-vpn | ||
All of | ||
Any of | ||
Zyxel Vpn100 Firmware | >=4.30<5.36 | |
Zyxel Vpn100 Firmware | =5.36 | |
Zyxel Vpn100 Firmware | =5.36-patch1 | |
Zyxel Vpn100 | ||
All of | ||
Any of | ||
Zyxel Vpn50 Firmware | >=4.30<5.36 | |
Zyxel Vpn50 Firmware | =5.36 | |
Zyxel Vpn50 Firmware | =5.36-patch1 | |
Zyxel Vpn50 | ||
All of | ||
Any of | ||
Zyxel Vpn300 Firmware | >=4.30<5.36 | |
Zyxel Vpn300 Firmware | =5.36 | |
Zyxel Vpn300 Firmware | =5.36-patch1 | |
Zyxel Vpn300 | ||
All of | ||
Any of | ||
Zyxel Vpn1000 Firmware | >=4.30<5.36 | |
Zyxel Vpn1000 Firmware | =5.36 | |
Zyxel Vpn1000 Firmware | =5.36-patch1 | |
Zyxel Vpn1000 | ||
All of | ||
Any of | ||
Zyxel Usg20-vpn Firmware | >=4.30<5.36 | |
Zyxel Usg20-vpn Firmware | =5.36 | |
Zyxel Usg20-vpn Firmware | =5.36-patch1 | |
Zyxel Usg20-vpn | ||
All of | ||
Any of | ||
Zyxel Usg 40 Firmware | >=4.25<4.73 | |
Zyxel Usg 40 Firmware | =4.73 | |
Zyxel Usg 40 Firmware | =4.73-patch1 | |
Zyxel Usg 40 | ||
All of | ||
Any of | ||
Zyxel Usg 40w Firmware | >=4.25<4.73 | |
Zyxel Usg 40w Firmware | =4.73 | |
Zyxel Usg 40w Firmware | =4.73-patch1 | |
Zyxel Usg 40w | ||
All of | ||
Any of | ||
Zyxel Usg 60w Firmware | >=4.25<4.73 | |
Zyxel Usg 60w Firmware | =4.73 | |
Zyxel Usg 60w Firmware | =4.73-patch1 | |
Zyxel Usg 60w | ||
All of | ||
Any of | ||
Zyxel Usg 60 Firmware | >=4.25<4.73 | |
Zyxel Usg 60 Firmware | =4.73 | |
Zyxel Usg 60 Firmware | =4.73-patch1 | |
Zyxel Usg 60 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-33010 is a buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1.
CVE-2023-33010 affects Zyxel Multiple Firewalls by exploiting a buffer overflow vulnerability in the ID processing function.
The severity of CVE-2023-33010 is not mentioned in the available information.
To fix CVE-2023-33010, it is recommended to apply the latest firmware updates provided by Zyxel.
You can find more information about CVE-2023-33010 in the Zyxel security advisory for multiple buffer overflow vulnerabilities of firewalls.