CVE-2023-33011 - Zyxel Zywall Atp700 Firmware, Zyxel Zywall Vpn2s Firmware and Zyxel Zywall Atp500 Firmware

Critical 8.8

A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versions 5.00 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands by using a crafted PPPoE configuration on an affected device when the cloud management mode is enabled.

Affected software

Zyxel Zywall Atp700 Firmware

Zyxel Zywall Vpn2s Firmware

Zyxel Zywall Atp500 Firmware

Zyxel Zywall Vpn100 Firmware

Zyxel Zywall Atp800 Firmware

Zyxel Usg Flex 200 Firmware

Zyxel Zywall Vpn 100 Firmware

Zyxel Usg 20w-vpn Firmware

Zyxel Zywall Vpn50 Firmware

Zyxel Usg Flex 100 Firmware

Zyxel Usg Flex 700 Firmware

Zyxel Zywall Atp200 Firmware

Zyxel Usg Flex 500 Firmware

Zyxel Usg 2200-vpn Firmware

Zyxel Zywall Vpn300 Firmware

Zyxel Usg Flex 50w Firmware

Zyxel Usg Flex 50 Firmware

Zyxel Usg Flex 100w Firmware

Zyxel Zywall Vpn 50 Firmware

Zyxel Zywall Atp100w Firmware

Zyxel Zywall Vpn 300 Firmware

Zyxel Zywall Atp100 Firmware

Reference links

Get alerted to vulnerabilities in your software

CVE alerts, vulnerability alerts, latest versions and news matched to your software stack.