CVE-2023-33010
CRITICAL KEV
Zyxel Atp100 Firmware < 5.36 - Buffer Overflow
Title source: ruleDescription
A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.
Scores
CVSS v3: 9.8
EPSS: 0.0585
EPSS Percentile: 90.6%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CISA KEV: 2023-06-05
VulnCheck KEV: 2023-06-05
InTheWild.io: 2023-06-05
ENISA EUVD: EUVD-2023-37199
CWE: CWE-120
Status: published
Products (32)
zyxel/atp100_firmware: 5.36 (2 CPE variants)
zyxel/atp100_firmware: 4.32 - 5.36
zyxel/atp100w_firmware: 5.36 (2 CPE variants)
zyxel/atp100w_firmware: 4.32 - 5.36
zyxel/atp200_firmware: 5.36 (2 CPE variants)
zyxel/atp200_firmware: 4.32 - 5.36
zyxel/atp500_firmware: 5.36 (2 CPE variants)
zyxel/atp500_firmware: 4.32 - 5.36
zyxel/atp700_firmware: 5.36 (2 CPE variants)
zyxel/atp700_firmware: 4.32 - 5.36
... and 22 more
Published: May 24, 2023
KEV Added: Jun 05, 2023
Tracked Since: Feb 18, 2026