Unauthorized Remote Code Execution Vulnerability in Zyxel ATP Series Firmware
CVE-2023-6764

8.1HIGH

Key Information:

Vendor: Zyxel
Status: ATP series firmware; USG FLEX series firmware; USG FLEX 50(W) series firmware; USG20(W)-VPN series firmware
Vendor: CVE Published:; 20 February 2024

Summary

A format string vulnerability exists in the IPSec VPN feature of Zyxel's firmware, specifically impacting several models within the ATP and USG FLEX series. This vulnerability may allow an attacker to execute unauthorized remote code by utilizing a sequence of specially crafted payloads that exploit an invalid pointer. Successfully carrying out an attack necessitates a comprehensive understanding of the targeted device's memory layout and configuration, potentially making exploitation challenging.

Affected Version(s)

ATP series firmware version 4.32 through 5.37 Patch 1

USG FLEX 50(W) series firmware version 4.16 through 5.37 Patch 1

USG FLEX series firmware version 4.50 through 5.37 Patch 1

References

https://www.zyxel.com/global/en/support/security-advisori...

vendor-advisory

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 20, 2024
Vulnerability Reserved
Dec 13, 2023