CVE-2023-33009 — CRITICAL (9.8)

Q: How severe is CVE-2023-33009?

CVE-2023-33009 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2023-33009?

Check the references section above for vendor advisories and patch information. Affected products include: Zyxel Atp100 Firmware, Zyxel Atp100, Zyxel Atp200 Firmware, Zyxel Atp200, Zyxel Atp500 Firmware.

Vulnerability Description

A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.60 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.60 through 5.36 Patch 1, VPN series firmware versions 4.60 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.60 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Zyxel	Atp100 Firmware	>= 4.60, < 5.36
Zyxel	Atp100	-
Zyxel	Atp200 Firmware	>= 4.60, < 5.36
Zyxel	Atp200	-
Zyxel	Atp500 Firmware	>= 4.60, < 5.36
Zyxel	Atp500	-
Zyxel	Atp100W Firmware	>= 4.60, < 5.36
Zyxel	Atp100W	-
Zyxel	Atp700 Firmware	>= 4.60, < 5.36
Zyxel	Atp700	-
Zyxel	Atp800 Firmware	>= 4.60, < 5.36
Zyxel	Atp800	-
Zyxel	Usg Flex 100 Firmware	>= 4.60, < 5.36
Zyxel	Usg Flex 100	-
Zyxel	Usg Flex 50 Firmware	>= 4.60, < 5.36
Zyxel	Usg Flex 50	-
Zyxel	Usg Flex 200 Firmware	>= 4.60, < 5.36
Zyxel	Usg Flex 200	-
Zyxel	Usg Flex 500 Firmware	>= 4.60, < 5.36
Zyxel	Usg Flex 500	-

Related Weaknesses (CWE)

CWE-120

References

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisVendor Advisory
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisVendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-US Government Resource

FAQ

What is CVE-2023-33009?

CVE-2023-33009 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50(W...

How severe is CVE-2023-33009?

CVE-2023-33009 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2023-33009?

Check the references section above for vendor advisories and patch information. Affected products include: Zyxel Atp100 Firmware, Zyxel Atp100, Zyxel Atp200 Firmware, Zyxel Atp200, Zyxel Atp500 Firmware.