Zyxel has released software updates to address two critical security flaws affecting select firewall and VPN products that could be abused by remote attackers to achieve code execution.
Both flaws – CVE-2023-33009 and CVE-2023-33010 – are buffer overflow vulnerabilities and are rated 9.8 out of 10 on the CVSS scoring system.
A brief description of the two issues is below –

- CVE-2023-33009 – A buffer overflow vulnerability in the notification function that could allow an unauthenticated attacker to cause a denial-of-service (DoS) condition and remote code execution.
- CVE-2023-33010 – A buffer overflow vulnerability in the ID processing function that could allow an unauthenticated attacker to cause a denial-of-service (DoS) condition and remote code execution.
The following devices are impacted –
- ATP (versions ZLD V4.32 to V5.36 Patch 1, patched in ZLD V5.36 Patch 2)
- USG FLEX (versions ZLD V4.50 to V5.36 Patch 1, patched in ZLD V5.36 Patch 2)
- USG FLEX50(W) / USG20(W)-VPN (versions ZLD V4.25 to V5.36 Patch 1, patched in ZLD V5.36 Patch 2)
- VPN (versions ZLD V4.30 to V5.36 Patch 1, patched in ZLD V5.36 Patch 2), and
- ZyWALL/USG (versions ZLD V4.25 to V4.73 Patch 1, patched in ZLD V4.73 Patch 2)
Security researchers from TRAPA Security and STAR Labs SG have been credited with discovering and reporting the flaws.
The advisory comes less than a month after Zyxel shipped fixes for another critical security flaw in its firewall devices that could be exploited to achieve remote code execution on affected systems.
The issue, tracked as CVE-2023-28771 (CVSS score: 9.8), was also credited to TRAPA Security, with the networking equipment maker blaming it on improper error message handling. It has since come under active exploitation by threat actors associated with the Mirai botnet.
Some parts of this article are sourced from:
thehackernews.com