Zyxel security advisory for multiple buffer overflow vulnerabilities of firewalls (CVE-2023-33009, CVE-2023-33010)
Dark Lab on May 29 2023
Share:
On 24 May 2023, Zyxel released a security advisory alerting customers of two critical buffer overflow vulnerabilities that may allow an unauthenticated attacker to perform a denial-of-service (DoS) attack or remote code execution in their firewall and VPN products. Though no exploitation attempts have been observed as at the time of writing, we suspect malicious threat actors will quickly seek to weaponise the critical vulnerabilities, given past exploitation of similar Zyxel vulnerabilities.
The vendor has released a patch to remediate potential exploitation of the buffer overflow vulnerabilities. No further workarounds have been disclosed.
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls
The vendor has released a patch to remediate potential exploitation of the buffer overflow vulnerabilities. No further workarounds have been disclosed.
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls