Buffer Overflow Vulnerability in Zyxel ATP and USG FLEX Series Firmware
CVE-2023-33009
Key Information:
- Vendor
Zyxel
- Vendor
- CVE Published:
- 24 May 2023
Badges
What is CVE-2023-33009?
A buffer overflow vulnerability exists in the notification function of Zyxel's ATP and USG FLEX series firmware, allowing unauthenticated attackers to exploit this weakness. Successful exploitation may lead to denial-of-service conditions or remote code execution on affected devices, jeopardizing network security and integrity. This vulnerability impacts multiple firmware versions and demands immediate attention for mitigating potential threats.
CISA has reported CVE-2023-33009
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2023-33009 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply updates per vendor instructions.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
ATP series firmware 4.60 through 5.36 Patch 1
USG FLEX 50(W) firmware 4.60 through 5.36 Patch 1
USG FLEX series firmware 4.60 through 5.36 Patch 1
References
EPSS Score
6% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- ๐พ
Exploit known to exist
- ๐ฆ
CISA Reported
Vulnerability published
Vulnerability Reserved