Sign-up

ID

VAR-202305-2285


CVE

CVE-2023-33010


TITLE

plural  ZyXEL  Classic buffer overflow vulnerability in the product

Trust: 0.8

sources: JVNDB: JVNDB-2023-007634

DESCRIPTION

A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device. ATP100 firmware, ATP200 firmware, ATP500 firmware etc. ZyXEL The product contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2023-33010 // JVNDB: JVNDB-2023-007634 // VULMON: CVE-2023-33010

AFFECTED PRODUCTS

vendor:zyxelmodel:usg flex 700scope:eqversion:5.36

Trust: 1.0

vendor:zyxelmodel:atp500scope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:usg 40wscope:gteversion:4.25

Trust: 1.0

vendor:zyxelmodel:usg 40scope:gteversion:4.25

Trust: 1.0

vendor:zyxelmodel:usg 60wscope:gteversion:4.25

Trust: 1.0

vendor:zyxelmodel:atp700scope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:usg flex 200scope:eqversion:5.36

Trust: 1.0

vendor:zyxelmodel:usg flex 500scope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:usg20-vpnscope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:atp800scope:gteversion:4.32

Trust: 1.0

vendor:zyxelmodel:atp100scope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:usg flex 100wscope:eqversion:5.36

Trust: 1.0

vendor:zyxelmodel:usg 40wscope:eqversion:4.73

Trust: 1.0

vendor:zyxelmodel:atp800scope:eqversion:5.36

Trust: 1.0

vendor:zyxelmodel:usg 40scope:eqversion:4.73

Trust: 1.0

vendor:zyxelmodel:usg 60wscope:eqversion:4.73

Trust: 1.0

vendor:zyxelmodel:vpn300scope:gteversion:4.30

Trust: 1.0

vendor:zyxelmodel:atp700scope:eqversion:5.36

Trust: 1.0

vendor:zyxelmodel:usg20-vpnscope:eqversion:5.36

Trust: 1.0

vendor:zyxelmodel:vpn1000scope:eqversion:5.36

Trust: 1.0

vendor:zyxelmodel:vpn300scope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:atp500scope:eqversion:5.36

Trust: 1.0

vendor:zyxelmodel:usg flex 500scope:gteversion:4.50

Trust: 1.0

vendor:zyxelmodel:usg flex 50wscope:eqversion:5.36

Trust: 1.0

vendor:zyxelmodel:atp100wscope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:vpn100scope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:atp700scope:gteversion:4.32

Trust: 1.0

vendor:zyxelmodel:usg 40scope:ltversion:4.73

Trust: 1.0

vendor:zyxelmodel:usg flex 500scope:eqversion:5.36

Trust: 1.0

vendor:zyxelmodel:vpn100scope:gteversion:4.30

Trust: 1.0

vendor:zyxelmodel:atp100scope:eqversion:5.36

Trust: 1.0

vendor:zyxelmodel:atp500scope:gteversion:4.32

Trust: 1.0

vendor:zyxelmodel:usg 60scope:ltversion:4.73

Trust: 1.0

vendor:zyxelmodel:vpn50scope:gteversion:4.30

Trust: 1.0

vendor:zyxelmodel:atp100wscope:eqversion:5.36

Trust: 1.0

vendor:zyxelmodel:atp200scope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:vpn1000scope:gteversion:4.30

Trust: 1.0

vendor:zyxelmodel:usg 20w-vpnscope:eqversion:5.36

Trust: 1.0

vendor:zyxelmodel:vpn1000scope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:usg flex 50wscope:gteversion:4.25

Trust: 1.0

vendor:zyxelmodel:atp100scope:gteversion:4.32

Trust: 1.0

vendor:zyxelmodel:usg 60scope:gteversion:4.25

Trust: 1.0

vendor:zyxelmodel:usg flex 100scope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:vpn300scope:eqversion:5.36

Trust: 1.0

vendor:zyxelmodel:atp100wscope:gteversion:4.32

Trust: 1.0

vendor:zyxelmodel:usg 60wscope:ltversion:4.73

Trust: 1.0

vendor:zyxelmodel:usg flex 700scope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:usg flex 100scope:gteversion:4.50

Trust: 1.0

vendor:zyxelmodel:atp200scope:eqversion:5.36

Trust: 1.0

vendor:zyxelmodel:usg 60scope:eqversion:4.73

Trust: 1.0

vendor:zyxelmodel:vpn50scope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:atp800scope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:usg flex 50wscope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:atp200scope:gteversion:4.32

Trust: 1.0

vendor:zyxelmodel:usg 40wscope:ltversion:4.73

Trust: 1.0

vendor:zyxelmodel:vpn100scope:eqversion:5.36

Trust: 1.0

vendor:zyxelmodel:usg flex 100scope:eqversion:5.36

Trust: 1.0

vendor:zyxelmodel:usg20-vpnscope:gteversion:4.30

Trust: 1.0

vendor:zyxelmodel:usg flex 200scope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:usg flex 700scope:gteversion:4.50

Trust: 1.0

vendor:zyxelmodel:usg flex 200scope:gteversion:4.50

Trust: 1.0

vendor:zyxelmodel:vpn50scope:eqversion:5.36

Trust: 1.0

vendor:zyxelmodel:usg flex 50scope:eqversion:5.36

Trust: 1.0

vendor:zyxelmodel:atp100scope: - version: -

Trust: 0.8

vendor:zyxelmodel:usg flex 200scope: - version: -

Trust: 0.8

vendor:zyxelmodel:atp800scope: - version: -

Trust: 0.8

vendor:zyxelmodel:atp200scope: - version: -

Trust: 0.8

vendor:zyxelmodel:usg flex 50scope: - version: -

Trust: 0.8

vendor:zyxelmodel:usg flex 500scope: - version: -

Trust: 0.8

vendor:zyxelmodel:usg flex 100scope: - version: -

Trust: 0.8

vendor:zyxelmodel:atp700scope: - version: -

Trust: 0.8

vendor:zyxelmodel:atp100wscope: - version: -

Trust: 0.8

vendor:zyxelmodel:atp500scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-007634 // NVD: CVE-2023-33010

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2023-33010
value: CRITICAL

Trust: 1.8

security@zyxel.com.tw: CVE-2023-33010
value: CRITICAL

Trust: 1.0

CNNVD: CNNVD-202305-2093
value: CRITICAL

Trust: 0.6

NVD:
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2023-33010
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-007634 // NVD: CVE-2023-33010 // NVD: CVE-2023-33010 // CNNVD: CNNVD-202305-2093

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

problemtype:Classic buffer overflow (CWE-120) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-007634 // NVD: CVE-2023-33010

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202305-2093

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202305-2093

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2023-33010

PATCH
title:Zyxel ATP Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqbyid.tag?id=240581
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202305-2093

EXTERNAL IDS
db:NVDid:CVE-2023-33010
Trust: 3.3
db:JVNDBid:JVNDB-2023-007634
Trust: 0.8
db:CNNVDid:CNNVD-202305-2093
Trust: 0.6
db:VULMONid:CVE-2023-33010
Trust: 0.1
sources:
            
            
            VULMON: CVE-2023-33010 // 
            
            
            
            JVNDB: JVNDB-2023-007634 // 
            
            
            
            NVD: CVE-2023-33010 // 
            
            
            
            CNNVD: CNNVD-202305-2093

REFERENCES
url:https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2023-33010
Trust: 0.8
url:https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Trust: 0.8
url:https://cxsecurity.com/cveshow/cve-2023-33010/
Trust: 0.6
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULMON: CVE-2023-33010 // 
            
            
            
            JVNDB: JVNDB-2023-007634 // 
            
            
            
            NVD: CVE-2023-33010 // 
            
            
            
            CNNVD: CNNVD-202305-2093

SOURCES
db:VULMONid:CVE-2023-33010
db:JVNDBid:JVNDB-2023-007634
db:NVDid:CVE-2023-33010
db:CNNVDid:CNNVD-202305-2093

LAST UPDATE DATE
2023-12-18T11:54:13.182000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2023-33010date:2023-05-24T00:00:00
db:JVNDBid:JVNDB-2023-007634date:2023-11-24T08:10:00
db:NVDid:CVE-2023-33010date:2023-06-07T18:20:46.193
db:CNNVDid:CNNVD-202305-2093date:2023-06-07T00:00:00

SOURCES RELEASE DATE
db:VULMONid:CVE-2023-33010date:2023-05-24T00:00:00
db:JVNDBid:JVNDB-2023-007634date:2023-11-24T00:00:00
db:NVDid:CVE-2023-33010date:2023-05-24T13:15:09.640
db:CNNVDid:CNNVD-202305-2093date:2023-05-24T00:00:00