Published: June 1, 2023
There are three critical vulnerabilities affecting multiple versions of Zyxel networking devices. Zyxel provides networking products like switches, routers and firewalls.
A critical unauthenticated OS command injection vulnerability (CVE-2023-28771, CVSS score 9.8) affects multiple Zyxel networking devices. Improper error message handling in some firewall versions could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an affected device.
Two further vulnerabilities in some Zyxel products, a buffer overflow in the notification function (CVE-2023-33009, CVSS score 9.8) and a buffer overflow in the ID processing function (CVE-2023-33010, CVSS score 9.8), allow an unauthenticated attacker to perform remote code execution or impose DoS conditions.
An attacker can exploit all three critical vulnerabilities to execute code remotely by sending specially crafted packets. Exploitation can also lead to a denial-of-service condition in which the device stops responding.
The impacted devices and the versions of their firmware are given below:
| Firmware | Affected Versions |
|---|---|
| Zyxel ZyWALL/USG series | 4.60 to 4.73 Patch1 |
| VPN series | 4.60 to 5.35 Patch1 |
| USG FLEX series | 4.60 to 5.35 Patch1 |
| ATP series | 4.60 to 5.35 Patch1 |
Mitigations and Workarounds
Zyxel has released patches for these vulnerabilities for the affected Zyxel devices and recommends installing them immediately.
| Firmware | Affected Versions | Patched Versions |
|---|---|---|
| Zyxel ZyWALL/USG series | 4.60 to 4.73 Patch1 | 4.73 Patch2 |
| VPN series | 4.60 to 5.35 Patch1 | 5.36 Patch2 |
| USG FLEX series | 4.60 to 5.35 Patch1 | 5.36 Patch2 |
| ATP series | 4.60 to 5.35 Patch1 | 5.36 Patch2 |
To detect these vulnerabilities, it is advisable to run vulnerability scanning, such as that available with Netsurion Vulnerability Management, and to perform automated OS, application, and firmware patch management on the Zyxel devices.
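The following Python check is an added example, not code from Netsurion or Zyxel. It compares an asset inventory against the affected and patched versions in the table above, and flags any release that falls outside both ranges for manual review. It assumes firmware versions are recorded in the advisory's own notation (for example `5.35 Patch1`); the host names and the inventory are constructed sample data.

```python
import re

# Series: (lowest affected, highest affected, first patched), copied from the table above.
ADVISORY = {
    "ZyWALL/USG": ("4.60", "4.73 Patch1", "4.73 Patch2"),
    "VPN":        ("4.60", "5.35 Patch1", "5.36 Patch2"),
    "USG FLEX":   ("4.60", "5.35 Patch1", "5.36 Patch2"),
    "ATP":        ("4.60", "5.35 Patch1", "5.36 Patch2"),
}

# Assumed input notation: "<major>.<minor>[ Patch<n>]", as written in the advisory.
_VERSION = re.compile(r"^\s*V?(\d+)\.(\d+)(?:\s*Patch\s*(\d+))?\s*$", re.IGNORECASE)

def parse_version(text):
    """Turn '5.35 Patch1' into (5, 35, 1); a missing patch level counts as 0."""
    match = _VERSION.match(text)
    if not match:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return (int(match.group(1)), int(match.group(2)), int(match.group(3) or 0))

def assess(series, firmware):
    """Return (status, patched_release) for one device."""
    if series not in ADVISORY:
        return ("not-listed", None)
    low, high, fixed = ADVISORY[series]
    version = parse_version(firmware)
    if parse_version(low) <= version <= parse_version(high):
        return ("affected", fixed)
    if version >= parse_version(fixed):
        return ("patched", fixed)
    # Older than 4.60, or between the affected range and the patched release:
    # the advisory gives no verdict, so flag the device for manual review.
    return ("review", fixed)

# Constructed sample inventory: (host, series, firmware).
INVENTORY = [
    ("fw-branch-01", "ATP", "5.35 Patch1"),
    ("fw-branch-02", "USG FLEX", "5.36 Patch2"),
    ("fw-hq-01", "ZyWALL/USG", "4.73"),
    ("vpn-dc-01", "VPN", "5.36 Patch1"),
]

def report(inventory):
    """Assess every device and return (host, status, patched_release) rows."""
    return [(host, *assess(series, fw)) for host, series, fw in inventory]

if __name__ == "__main__":
    for host, status, fixed in report(INVENTORY):
        print(f"{host:14} {status:10} upgrade target: {fixed}")
```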
Netsurion Detection and Response
Netsurion’s vulnerability management system will detect the vulnerabilities CVE-2023-28771, CVE-2023-33009, and CVE-2023-33010 using Netsurion’s vulnerability scanner. This applies to customers who have subscribed to the vulnerability detection service with Netsurion.