Sign-up

ID

VAR-202305-2121


CVE

CVE-2023-33009


TITLE

plural  ZyXEL  Classic buffer overflow vulnerability in the product

Trust: 0.8

sources: JVNDB: JVNDB-2023-007635

DESCRIPTION

A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.60 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.60 through 5.36 Patch 1, VPN series firmware versions 4.60 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.60 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device. ATP100 firmware, ATP200 firmware, ATP500 firmware etc. ZyXEL The product contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2023-33009 // JVNDB: JVNDB-2023-007635 // VULMON: CVE-2023-33009

AFFECTED PRODUCTS

vendor:zyxelmodel:usg flex 100scope:gteversion:4.60

Trust: 1.0

vendor:zyxelmodel:vpn300scope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:usg 60scope:eqversion:4.73

Trust: 1.0

vendor:zyxelmodel:usg flex 700scope:gteversion:4.60

Trust: 1.0

vendor:zyxelmodel:atp100wscope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:usg flex 50scope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:usg 20w-vpnscope:gteversion:4.60

Trust: 1.0

vendor:zyxelmodel:atp800scope:eqversion:5.36

Trust: 1.0

vendor:zyxelmodel:usg flex 700scope:eqversion:5.36

Trust: 1.0

vendor:zyxelmodel:usg 20w-vpnscope:eqversion:5.36

Trust: 1.0

vendor:zyxelmodel:vpn50scope:eqversion:5.36

Trust: 1.0

vendor:zyxelmodel:atp800scope:gteversion:4.60

Trust: 1.0

vendor:zyxelmodel:atp500scope:eqversion:5.36

Trust: 1.0

vendor:zyxelmodel:usg20-vpnscope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:atp100scope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:vpn50scope:gteversion:4.60

Trust: 1.0

vendor:zyxelmodel:vpn1000scope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:atp200scope:gteversion:4.60

Trust: 1.0

vendor:zyxelmodel:usg flex 200scope:gteversion:4.60

Trust: 1.0

vendor:zyxelmodel:usg flex 500scope:gteversion:4.60

Trust: 1.0

vendor:zyxelmodel:usg flex 200scope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:usg flex 500scope:eqversion:5.36

Trust: 1.0

vendor:zyxelmodel:atp200scope:eqversion:5.36

Trust: 1.0

vendor:zyxelmodel:atp500scope:gteversion:4.60

Trust: 1.0

vendor:zyxelmodel:atp200scope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:usg 60wscope:eqversion:4.73

Trust: 1.0

vendor:zyxelmodel:usg flex 200scope:eqversion:5.36

Trust: 1.0

vendor:zyxelmodel:atp100wscope:eqversion:5.36

Trust: 1.0

vendor:zyxelmodel:vpn100scope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:usg 40scope:ltversion:4.73

Trust: 1.0

vendor:zyxelmodel:vpn300scope:gteversion:4.60

Trust: 1.0

vendor:zyxelmodel:usg flex 50wscope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:usg flex 50scope:eqversion:5.36

Trust: 1.0

vendor:zyxelmodel:usg20-vpnscope:gteversion:4.60

Trust: 1.0

vendor:zyxelmodel:vpn1000scope:gteversion:4.60

Trust: 1.0

vendor:zyxelmodel:atp100wscope:gteversion:4.60

Trust: 1.0

vendor:zyxelmodel:usg flex 50scope:gteversion:4.60

Trust: 1.0

vendor:zyxelmodel:vpn300scope:eqversion:5.36

Trust: 1.0

vendor:zyxelmodel:usg20-vpnscope:eqversion:5.36

Trust: 1.0

vendor:zyxelmodel:atp100scope:eqversion:5.36

Trust: 1.0

vendor:zyxelmodel:usg flex 50wscope:gteversion:4.60

Trust: 1.0

vendor:zyxelmodel:vpn1000scope:eqversion:5.36

Trust: 1.0

vendor:zyxelmodel:atp700scope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:usg flex 100scope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:usg 40scope:gteversion:4.60

Trust: 1.0

vendor:zyxelmodel:usg 40wscope:ltversion:4.73

Trust: 1.0

vendor:zyxelmodel:usg flex 50wscope:eqversion:5.36

Trust: 1.0

vendor:zyxelmodel:atp100scope:gteversion:4.60

Trust: 1.0

vendor:zyxelmodel:vpn100scope:gteversion:4.60

Trust: 1.0

vendor:zyxelmodel:usg flex 100wscope:eqversion:5.36

Trust: 1.0

vendor:zyxelmodel:usg 60scope:ltversion:4.73

Trust: 1.0

vendor:zyxelmodel:atp800scope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:vpn100scope:eqversion:5.36

Trust: 1.0

vendor:zyxelmodel:usg 60scope:gteversion:4.60

Trust: 1.0

vendor:zyxelmodel:usg 20w-vpnscope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:usg flex 700scope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:vpn50scope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:usg 40scope:eqversion:4.73

Trust: 1.0

vendor:zyxelmodel:usg 40wscope:gteversion:4.60

Trust: 1.0

vendor:zyxelmodel:atp500scope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:usg 40wscope:eqversion:4.73

Trust: 1.0

vendor:zyxelmodel:usg 60wscope:gteversion:4.60

Trust: 1.0

vendor:zyxelmodel:atp700scope:eqversion:5.36

Trust: 1.0

vendor:zyxelmodel:usg flex 500scope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:usg flex 100scope:eqversion:5.36

Trust: 1.0

vendor:zyxelmodel:usg 60wscope:ltversion:4.73

Trust: 1.0

vendor:zyxelmodel:atp700scope:gteversion:4.60

Trust: 1.0

vendor:zyxelmodel:atp100scope: - version: -

Trust: 0.8

vendor:zyxelmodel:usg flex 200scope: - version: -

Trust: 0.8

vendor:zyxelmodel:atp800scope: - version: -

Trust: 0.8

vendor:zyxelmodel:atp200scope: - version: -

Trust: 0.8

vendor:zyxelmodel:usg flex 50scope: - version: -

Trust: 0.8

vendor:zyxelmodel:usg flex 500scope: - version: -

Trust: 0.8

vendor:zyxelmodel:usg flex 100scope: - version: -

Trust: 0.8

vendor:zyxelmodel:atp700scope: - version: -

Trust: 0.8

vendor:zyxelmodel:atp100wscope: - version: -

Trust: 0.8

vendor:zyxelmodel:atp500scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-007635 // NVD: CVE-2023-33009

CVSS

SEVERITY

CVSSV2

CVSSV3

security@zyxel.com.tw: CVE-2023-33009
value: CRITICAL

Trust: 1.0

NVD: CVE-2023-33009
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2023-007635
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202305-2094
value: CRITICAL

Trust: 0.6

security@zyxel.com.tw:
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

OTHER: JVNDB-2023-007635
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-007635 // CNNVD: CNNVD-202305-2094 // NVD: CVE-2023-33009 // NVD: CVE-2023-33009

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

problemtype:Classic buffer overflow (CWE-120) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-007635 // NVD: CVE-2023-33009

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202305-2094

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202305-2094

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2023-33009

PATCH
title:Zyxel ATP Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqbyid.tag?id=240582
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202305-2094

EXTERNAL IDS
db:NVDid:CVE-2023-33009
Trust: 3.3
db:JVNDBid:JVNDB-2023-007635
Trust: 0.8
db:CNNVDid:CNNVD-202305-2094
Trust: 0.6
db:VULMONid:CVE-2023-33009
Trust: 0.1
sources:
            
            
            VULMON: CVE-2023-33009 // 
            
            
            
            JVNDB: JVNDB-2023-007635 // 
            
            
            
            CNNVD: CNNVD-202305-2094 // 
            
            
            
            NVD: CVE-2023-33009

REFERENCES
url:https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2023-33009
Trust: 0.8
url:https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Trust: 0.8
url:https://cxsecurity.com/cveshow/cve-2023-33009/
Trust: 0.6
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULMON: CVE-2023-33009 // 
            
            
            
            JVNDB: JVNDB-2023-007635 // 
            
            
            
            CNNVD: CNNVD-202305-2094 // 
            
            
            
            NVD: CVE-2023-33009

SOURCES
db:VULMONid:CVE-2023-33009
db:JVNDBid:JVNDB-2023-007635
db:CNNVDid:CNNVD-202305-2094
db:NVDid:CVE-2023-33009

LAST UPDATE DATE
2024-04-03T22:50:49.469000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2023-33009date:2023-05-24T00:00:00
db:JVNDBid:JVNDB-2023-007635date:2023-11-24T08:10:00
db:CNNVDid:CNNVD-202305-2094date:2023-06-16T00:00:00
db:NVDid:CVE-2023-33009date:2024-04-01T15:51:48.877

SOURCES RELEASE DATE
db:VULMONid:CVE-2023-33009date:2023-05-24T00:00:00
db:JVNDBid:JVNDB-2023-007635date:2023-11-24T00:00:00
db:CNNVDid:CNNVD-202305-2094date:2023-05-24T00:00:00
db:NVDid:CVE-2023-33009date:2023-05-24T13:15:09.560