Unauthorized Remote Code Execution Vulnerability in Zyxel ATP Series Firmware
CVE-2023-6764
Key Information:
- Vendor: Zyxel
- Status
- Vendor
- CVE Published: 20 February 2024
What is CVE-2023-6764?
A format string vulnerability exists in the IPSec VPN feature of Zyxel's firmware, affecting several models in the ATP and USG FLEX series. It may allow an attacker to achieve unauthorized remote code execution by using a sequence of specially crafted payloads that exploit an invalid pointer. A successful attack requires a comprehensive understanding of the targeted device's memory layout and configuration, which potentially makes exploitation challenging.

Affected Version(s)
ATP series firmware version 4.32 through 5.37 Patch 1
USG FLEX 50(W) series firmware version 4.16 through 5.37 Patch 1
USG FLEX series firmware version 4.50 through 5.37 Patch 1