CVE-2023-33011

CVSS V2 None CVSS V3 None

Description

A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versions 5.00 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands by using a crafted PPPoE configuration on an affected device when the cloud management mode is enabled.

Overview

CVE ID
CVE-2023-33011

Assigner
Zyxel

Vulnerability Status
PUBLISHED

Published Version
2023-07-17T17:15:45.876Z

Last Modified Date
2023-07-17T17:15:45.876Z

Weakness Enumerations

CWE	URL
CWE-134	http://cwe.mitre.org/data/definitions/134.html

References

Reference URL	Reference Tags
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-33011
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33011

History

Created	Old Value	New Value	Data Type	Notes
2024-06-25 08:01:44				Added to TrackCVE