Zyxell has released a security advisory for multiple buffer overflow vulnerabilities. Exploitation of these vulnerabilities could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on the affected Zyxell firewalls.
Below are the two vulnerabilities :
CVE-2023-33009: A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1.
CVE-2023-33010: Another buffer overflow vulnerability in the ID processing function in the same Zyxel firmware versions.The flaw could once again allow an unauthenticated attacker to cause “conditions DoS” or remotely execute code on an affected device. Both issues are classified as “critical” vulnerabilities, with a severity score of 9,8.
How to install updates
Login to your ZLD appliance and go to Configuration → Licensing → Registration → Service and click the Service License Refresh button. This must be done before you can access your myZyxel account to download new firmware patches. This will sync necessary info with the myZyxel server (info like running firmware version, MAC Address, S/N, etc.).
Open an internet browser and go to URL: https://portal.myzyxel.com/ and login to your account.
Once in your account dashboard, find the ZLD router you wish to download firmware for and click on the Download button under the “Firmware Update” column.
Leave A Comment