PT-2023-2851 · Zyxel · Zyxel Atp Series+5

Published: 2023-05-24 · Updated: 2025-12-18 · CVE-2023-33010

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Zyxel ATP series versions 4.32 through 5.36 Patch 1
Zyxel USG FLEX series versions 4.50 through 5.36 Patch 1
Zyxel USG FLEX 50(W) versions 4.25 through 5.36 Patch 1
Zyxel USG20(W)-VPN versions 4.25 through 5.36 Patch 1
Zyxel VPN series versions 4.30 through 5.36 Patch 1
Zyxel ZyWALL/USG series versions 4.25 through 4.73 Patch 1

Description

A buffer overflow vulnerability in the ID processing function could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even remote code execution on an affected device. The vulnerability is caused by copying a buffer without checking the size of the input data.

Recommendations

For Zyxel ATP series versions 4.32 through 5.36 Patch 1, update to a version later than 5.36 Patch 1.
For Zyxel USG FLEX series versions 4.50 through 5.36 Patch 1, update to a version later than 5.36 Patch 1.
For Zyxel USG FLEX 50(W) versions 4.25 through 5.36 Patch 1, update to a version later than 5.36 Patch 1.
For Zyxel USG20(W)-VPN versions 4.25 through 5.36 Patch 1, update to a version later than 5.36 Patch 1.
For Zyxel VPN series versions 4.30 through 5.36 Patch 1, update to a version later than 5.36 Patch 1.
For Zyxel ZyWALL/USG series versions 4.25 through 4.73 Patch 1, update to a version later than 4.73 Patch 1.

As a temporary workaround, consider disabling the ID processing function until a patch is available.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2023-02796
CVE-2023-33010

Affected Products

Zyxel Atp Series
Zyxel Usg Flex 50
Zyxel Usg Flex Series
Zyxel Usg20(W)-Vpn
Zyxel Vpn Series
Zyxel Usg/Zywall Series