A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.60 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.60 through 5.36 Patch 1, VPN series firmware versions 4.60 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.60 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HZyxel Atp100
HWZyxelwszystkie wersjeZyxel Atp100 Firmware
OSZyxel5.364.60 – 5.36 (bez)Zyxel Atp100w
HWZyxelwszystkie wersjeZyxel Atp100w Firmware
OSZyxel5.364.60 – 5.36 (bez)Zyxel Atp200
HWZyxelwszystkie wersjeZyxel Atp200 Firmware
OSZyxel5.364.60 – 5.36 (bez)Zyxel Atp500
HWZyxelwszystkie wersjeZyxel Atp500 Firmware
OSZyxel5.364.60 – 5.36 (bez)Zyxel Atp700
HWZyxelwszystkie wersjeZyxel Atp700 Firmware
OSZyxel5.364.60 – 5.36 (bez)Zyxel Atp800
HWZyxelwszystkie wersjeZyxel Atp800 Firmware
OSZyxel5.364.60 – 5.36 (bez)Zyxel Usg20 Vpn
HWZyxelwszystkie wersjeZyxel Usg20 Vpn Firmware
OSZyxel5.364.60 – 5.36 (bez)Zyxel Usg 20w Vpn
HWZyxelwszystkie wersjeZyxel Usg 20w Vpn Firmware
OSZyxel5.364.60 – 5.36 (bez)Zyxel Usg 40
HWZyxelwszystkie wersjeZyxel Usg 40 Firmware
OSZyxel4.734.60 – 4.73 (bez)Zyxel Usg 40w
HWZyxelwszystkie wersjeZyxel Usg 40w Firmware
OSZyxel4.734.60 – 4.73 (bez)Zyxel Usg 60
HWZyxelwszystkie wersjeZyxel Usg 60 Firmware
OSZyxel4.734.60 – 4.73 (bez)Zyxel Usg 60w
HWZyxelwszystkie wersjeZyxel Usg 60w Firmware
OSZyxel4.734.60 – 4.73 (bez)Zyxel Usg Flex 100
HWZyxelwszystkie wersjeZyxel Usg Flex 100 Firmware
OSZyxel5.364.60 – 5.36 (bez)Zyxel Usg Flex 100w
HWZyxelwszystkie wersjeZyxel Usg Flex 100w Firmware
OSZyxel5.364.60 – 5.36 (bez)Zyxel Usg Flex 200
HWZyxelwszystkie wersjeZyxel Usg Flex 200 Firmware
OSZyxel5.364.60 – 5.36 (bez)
CISA KEV — detailsi
- Vendori
- Zyxel
- Producti
- Multiple Firewalls
- Added to KEVi
- June 5, 2023
- Remediation deadline (US Federal)i
- June 26, 2023(overdue)
Apply updates per vendor instructions.
Zyxel ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN, VPN, and ZyWALL/USG firewalls contain a buffer overflow vulnerability in the notification function that could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and remote code execution on an affected device.
Related vulnerabilities
A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 throu...
Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series fir...
A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 throug...
Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable passw...
Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authenticati...