CVE-2023-6764
First published: Tue Feb 20 2024(Updated: )
A format string vulnerability in a function of the IPSec VPN feature in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, and USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1 could allow an attacker to achieve unauthorized remote code execution by sending a sequence of specially crafted payloads containing an invalid pointer; however, such an attack would require detailed knowledge of an affected device’s memory layout and configuration.
Credit: security@zyxel.com.tw
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zyxel ATP series firmware | >=4.32<5.37 Patch 1 | |
| Zyxel USG FLEX series firmware | >=4.50<5.37 Patch 1 | |
| Zyxel USG FLEX 50(W) series firmware | >=4.16<5.37 Patch 1 | |
| Zyxel USG 20w-VPN Firmware | >=4.16<5.37 Patch 1 | |
| All of | ||
| Any of | ||
| Zyxel ATP100 Firmware | >=4.32<5.37 | |
| Zyxel ATP100 Firmware | =5.37 | |
| Zyxel ATP100 Firmware | =5.37-patch1 | |
| Zyxel ATP100 Firmware | ||
| All of | ||
| Any of | ||
| Zyxel ATP100W Firmware | >=4.32<5.37 | |
| Zyxel ATP100W Firmware | =5.37 | |
| Zyxel ATP100W Firmware | =5.37-patch1 | |
| Zyxel ATP100W Firmware | ||
| All of | ||
| Any of | ||
| Zyxel ATP200 firmware | >=4.32<5.37 | |
| Zyxel ATP200 firmware | =5.37 | |
| Zyxel ATP200 firmware | =5.37-patch1 | |
| Zyxel ATP200 firmware | ||
| All of | ||
| Any of | ||
| Zyxel ATP500 Firmware | >=4.32<5.37 | |
| Zyxel ATP500 Firmware | =5.37 | |
| Zyxel ATP500 Firmware | =5.37-patch1 | |
| Zyxel ATP500 Firmware | ||
| All of | ||
| Any of | ||
| Zyxel ATP700 Firmware | >=4.32<5.37 | |
| Zyxel ATP700 Firmware | =5.37 | |
| Zyxel ATP700 Firmware | =5.37-patch1 | |
| Zyxel ATP700 Firmware | ||
| All of | ||
| Any of | ||
| Zyxel ATP800 | >=4.32<5.37 | |
| Zyxel ATP800 | =5.37 | |
| Zyxel ATP800 | =5.37-patch1 | |
| Zyxel ATP800 Firmware | ||
| All of | ||
| Any of | ||
| Zyxel USG Flex 100 firmware | >=4.50<5.37 | |
| Zyxel USG Flex 100 firmware | =5.37 | |
| Zyxel USG Flex 100 firmware | =5.37-patch1 | |
| Zyxel USG FLEX 100 | ||
| All of | ||
| Any of | ||
| Zyxel USG FLEX 100ax firmware | >=4.50<5.37 | |
| Zyxel USG FLEX 100ax firmware | =5.37 | |
| Zyxel USG FLEX 100ax firmware | =5.37-patch1 | |
| Zyxel USG FLEX 100ax firmware | ||
| All of | ||
| Any of | ||
| Zyxel USG FLEX 100ax firmware | >=4.50<5.37 | |
| Zyxel USG FLEX 100ax firmware | =5.37 | |
| Zyxel USG FLEX 100ax firmware | =5.37-patch1 | |
| Zyxel USG FLEX 100h | ||
| All of | ||
| Any of | ||
| Zyxel USG FLEX 100w firmware | >=4.50<5.37 | |
| Zyxel USG FLEX 100w firmware | =5.37 | |
| Zyxel USG FLEX 100w firmware | =5.37-patch1 | |
| Zyxel USG FLEX 100w firmware | ||
| All of | ||
| Any of | ||
| Zyxel USG FLEX 200 | >=4.50<5.37 | |
| Zyxel USG FLEX 200 | =5.37 | |
| Zyxel USG FLEX 200 | =5.37-patch1 | |
| Zyxel USG FLEX 200 firmware | ||
| All of | ||
| Any of | ||
| Zyxel USG FLEX 200h firmware | >=4.50<5.37 | |
| Zyxel USG FLEX 200h firmware | =5.37 | |
| Zyxel USG FLEX 200h firmware | =5.37-patch1 | |
| Zyxel USG FLEX 200h firmware | ||
| All of | ||
| Any of | ||
| Zyxel USG Flex 200HP Firmware | >=4.50<5.37 | |
| Zyxel USG Flex 200HP Firmware | =5.37 | |
| Zyxel USG Flex 200HP Firmware | =5.37-patch1 | |
| Zyxel USG FLEX 200hp | ||
| All of | ||
| Any of | ||
| Zyxel USG FLEX 500 | >=4.50<5.37 | |
| Zyxel USG FLEX 500 | =5.37 | |
| Zyxel USG FLEX 500 | =5.37-patch1 | |
| Zyxel USG FLEX 500 firmware | ||
| All of | ||
| Any of | ||
| Zyxel USG FLEX 500h | >=4.50<5.37 | |
| Zyxel USG FLEX 500h | =5.37 | |
| Zyxel USG FLEX 500h | =5.37-patch1 | |
| Zyxel USG FLEX 500h firmware | ||
| All of | ||
| Any of | ||
| Zyxel USG FLEX 700 firmware | >=4.50<5.37 | |
| Zyxel USG FLEX 700 firmware | =5.37 | |
| Zyxel USG FLEX 700 firmware | =5.37-patch1 | |
| Zyxel USG FLEX 700 firmware | ||
| All of | ||
| Any of | ||
| Zyxel USG FLEX 700h firmware | >=4.50<5.37 | |
| Zyxel USG FLEX 700h firmware | =5.37 | |
| Zyxel USG FLEX 700h firmware | =5.37-patch1 | |
| Zyxel USG FLEX 700h firmware | ||
| All of | ||
| Any of | ||
| Zyxel USG FLEX 50(W) series firmware | >=4.16<5.37 | |
| Zyxel USG FLEX 50(W) series firmware | =5.37 | |
| Zyxel USG FLEX 50(W) series firmware | =5.37-patch1 | |
| Zyxel USG FLEX 50 | ||
| All of | ||
| Any of | ||
| Zyxel USG FLEX 50w | >=4.16<5.37 | |
| Zyxel USG FLEX 50w | =5.37 | |
| Zyxel USG FLEX 50w | =5.37-patch1 | |
| Zyxel USG FLEX 50(W) series firmware | ||
| All of | ||
| Any of | ||
| Zyxel USG20-VPN Firmware | >=4.16<5.37 | |
| Zyxel USG20-VPN Firmware | =5.37 | |
| Zyxel USG20-VPN Firmware | =5.37-patch1 | |
| Zyxel USG20 | ||
| All of | ||
| Any of | ||
| Zyxel USG 20w-VPN Firmware | >=4.16<5.37 | |
| Zyxel USG 20w-VPN Firmware | =5.37 | |
| Zyxel USG 20w-VPN Firmware | =5.37-patch1 | |
| Zyxel USG20W-VPN Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
- agent/weakness
- agent/references
- agent/description
- agent/type
- agent/first-publish-date
- agent/severity
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- vendor/zyxel
- canonical/zyxel atp series firmware
- canonical/zyxel usg flex series firmware
- canonical/zyxel usg flex 50(w) series firmware
- canonical/zyxel usg 20w-vpn firmware
- canonical/zyxel atp100 firmware
- version/zyxel atp100 firmware/4.32
- version/zyxel atp100 firmware/5.37
- version/zyxel atp100 firmware/5.37-patch1
- canonical/zyxel atp100w firmware
- version/zyxel atp100w firmware/4.32
- version/zyxel atp100w firmware/5.37
- version/zyxel atp100w firmware/5.37-patch1
- canonical/zyxel atp200 firmware
- version/zyxel atp200 firmware/4.32
- version/zyxel atp200 firmware/5.37
- version/zyxel atp200 firmware/5.37-patch1
- canonical/zyxel atp500 firmware
- version/zyxel atp500 firmware/4.32
- version/zyxel atp500 firmware/5.37
- version/zyxel atp500 firmware/5.37-patch1
- canonical/zyxel atp700 firmware
- version/zyxel atp700 firmware/4.32
- version/zyxel atp700 firmware/5.37
- version/zyxel atp700 firmware/5.37-patch1
- canonical/zyxel atp800
- version/zyxel atp800/4.32
- version/zyxel atp800/5.37
- version/zyxel atp800/5.37-patch1
- canonical/zyxel atp800 firmware
- canonical/zyxel usg flex 100 firmware
- version/zyxel usg flex 100 firmware/4.50
- version/zyxel usg flex 100 firmware/5.37
- version/zyxel usg flex 100 firmware/5.37-patch1
- canonical/zyxel usg flex 100
- canonical/zyxel usg flex 100ax firmware
- version/zyxel usg flex 100ax firmware/4.50
- version/zyxel usg flex 100ax firmware/5.37
- version/zyxel usg flex 100ax firmware/5.37-patch1
- canonical/zyxel usg flex 100h
- canonical/zyxel usg flex 100w firmware
- version/zyxel usg flex 100w firmware/4.50
- version/zyxel usg flex 100w firmware/5.37
- version/zyxel usg flex 100w firmware/5.37-patch1
- canonical/zyxel usg flex 200
- version/zyxel usg flex 200/4.50
- version/zyxel usg flex 200/5.37
- version/zyxel usg flex 200/5.37-patch1
- canonical/zyxel usg flex 200 firmware
- canonical/zyxel usg flex 200h firmware
- version/zyxel usg flex 200h firmware/4.50
- version/zyxel usg flex 200h firmware/5.37
- version/zyxel usg flex 200h firmware/5.37-patch1
- canonical/zyxel usg flex 200hp firmware
- version/zyxel usg flex 200hp firmware/4.50
- version/zyxel usg flex 200hp firmware/5.37
- version/zyxel usg flex 200hp firmware/5.37-patch1
- canonical/zyxel usg flex 200hp
- canonical/zyxel usg flex 500
- version/zyxel usg flex 500/4.50
- version/zyxel usg flex 500/5.37
- version/zyxel usg flex 500/5.37-patch1
- canonical/zyxel usg flex 500 firmware
- canonical/zyxel usg flex 500h
- version/zyxel usg flex 500h/4.50
- version/zyxel usg flex 500h/5.37
- version/zyxel usg flex 500h/5.37-patch1
- canonical/zyxel usg flex 500h firmware
- canonical/zyxel usg flex 700 firmware
- version/zyxel usg flex 700 firmware/4.50
- version/zyxel usg flex 700 firmware/5.37
- version/zyxel usg flex 700 firmware/5.37-patch1
- canonical/zyxel usg flex 700h firmware
- version/zyxel usg flex 700h firmware/4.50
- version/zyxel usg flex 700h firmware/5.37
- version/zyxel usg flex 700h firmware/5.37-patch1
- version/zyxel usg flex 50(w) series firmware/4.16
- version/zyxel usg flex 50(w) series firmware/5.37
- version/zyxel usg flex 50(w) series firmware/5.37-patch1
- canonical/zyxel usg flex 50
- canonical/zyxel usg flex 50w
- version/zyxel usg flex 50w/4.16
- version/zyxel usg flex 50w/5.37
- version/zyxel usg flex 50w/5.37-patch1
- canonical/zyxel usg20-vpn firmware
- version/zyxel usg20-vpn firmware/4.16
- version/zyxel usg20-vpn firmware/5.37
- version/zyxel usg20-vpn firmware/5.37-patch1
- canonical/zyxel usg20
- version/zyxel usg 20w-vpn firmware/4.16
- version/zyxel usg 20w-vpn firmware/5.37
- version/zyxel usg 20w-vpn firmware/5.37-patch1
- canonical/zyxel usg20w-vpn firmware