• Menu
  • Skip to main content
  • Skip to primary sidebar

All Tech News

Latest Technology News

Zyxel Issues Critical Security Patches for Firewall and VPN Products

You are here: Home / Cyber Security News / Zyxel Issues Critical Security Patches for Firewall and VPN Products

Zyxel has unveiled application updates to deal with two critical security flaws impacting pick out firewall and VPN solutions that could be abused by remote attackers to realize code execution.

Both the flaws – CVE-2023-33009 and CVE-2023-33010 – are buffer overflow vulnerabilities and are rated 9.8 out of 10 on the CVSS scoring process.

A temporary description of the two issues is beneath –

  • CVE-2023-33009 – A buffer overflow vulnerability in the notification perform that could permit an unauthenticated attacker to induce a denial-of-service (DoS) condition and remote code execution.
  • CVE-2023-33010 – A buffer overflow vulnerability in the ID processing functionality that could empower an unauthenticated attacker to lead to a denial-of-assistance (DoS) condition and remote code execution.

The adhering to products are impacted –

  • ATP (versions ZLD V4.32 to V5.36 Patch 1, patched in ZLD V5.36 Patch 2)
  • USG FLEX (versions ZLD V4.50 to V5.36 Patch 1, patched in ZLD V5.36 Patch 2)
  • USG FLEX50(W) / USG20(W)-VPN (versions ZLD V4.25 to V5.36 Patch 1, patched in ZLD V5.36 Patch 2)
  • VPN (variations ZLD V4.30 to V5.36 Patch 1, patched in ZLD V5.36 Patch 2), and
  • ZyWALL/USG (versions ZLD V4.25 to V4.73 Patch 1, patched in ZLD V4.73 Patch 2)

Security scientists from TRAPA Security and STAR Labs SG have been credited with exploring and reporting the flaws.

Forthcoming WEBINARZero Have confidence in + Deception: Learn How to Outsmart Attackers!

Find how Deception can detect advanced threats, stop lateral motion, and enhance your Zero Have faith in approach. Sign up for our insightful webinar!

Preserve My Seat!

The advisory will come less than a month following Zyxel shipped fixes for yet another critical security flaw in its firewall equipment that could be exploited to reach distant code execution on afflicted techniques.

The issue, tracked as CVE-2023-28771 (CVSS rating: 9.8), was also credited to TRAPA Security, with the networking machines maker blaming it on inappropriate error message dealing with. It has due to the fact occur less than active exploitation by risk actors affiliated with the Mirai botnet.

Located this short article fascinating? Observe us on Twitter  and LinkedIn to go through additional special information we post.

Some parts of this article are sourced from:
thehackernews.com

Previous Post: « Cynet Protects Hospital From Lethal Infection
Next Post: Dark Frost Botnet Launches Devastating DDoS Attacks on Gaming Industry »

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Recent Posts

  • Former Black Basta Members Use Microsoft Teams and Python Scripts in 2025 Attacks
  • 295 Malicious IPs Launch Coordinated Brute-Force Attacks on Apache Tomcat Manager
  • INTERPOL Dismantles 20,000+ Malicious IPs Linked to 69 Malware Variants in Operation Secure
  • Why DNS Security Is Your First Defense Against Cyber Attacks?
  • SinoTrack GPS Devices Vulnerable to Remote Vehicle Control via Default Passwords

Copyright © 2025 · AllTech.News, All Rights Reserved.