Two new security vulnerabilities discovered in Zyxel firewalls, patches need to be installed as soon as possible
What just happened? Taiwanese networking corporation Zyxel is once again facing a potential security crisis, as many of the company’s firewalls are affected by a pair of nasty vulnerabilities. Updated firmware versions are already available and customers are strongly encouraged to install them as soon as possible.
The latest security advisory issued by Zyxel warns customers about multiple buffer overflow vulnerabilities found in several of the company’s firewalls and VPN devices. The Taiwanese manufacturer states that attackers could potentially use these two vulnerabilities to execute malicious code or penetrate vulnerable networks.
The first security vulnerability included in the Zyxel advisory is tracked as CVE-2023-33009 and is described as a buffer overflow issue in the notification function in Zyxel ATP series firmware. The vulnerability could allow an unauthenticated attacker to cause a denial of service (DoS) condition on vulnerable devices, or even remotely execute malicious code on an affected firewall device.
The second vulnerability is tracked as CVE-2023-33010, a buffer overflow in the ID handling function in Zyxel ATP series firmware. The vulnerability could again allow an unauthenticated attacker to cause “denial of service (DoS) conditions” or remotely execute code on an affected device. Both issues are classified as “critical” vulnerabilities with a severity score of 9.8.
A buffer overflow occurs when a program (or one of its subroutines) writes data past the end of a buffer’s allocated memory, overwriting adjacent memory locations. The usual outcome is a system crash or an error message, but sometimes a buffer overflow can be exploited by talented hackers or cybercriminals to execute code or breach security measures.
After a “thorough” internal investigation, Zyxel said it had identified a series of firewalls affected by the aforementioned critical vulnerabilities. According to Zyxel, devices that are in the “Vulnerability Support Period” include the following series:
- ATP, ZLD firmware versions V4.32 to V5.36 Patch 1
- USG FLEX, ZLD firmware versions V4.50 to V5.36 Patch 1
- USG FLEX50(W) / USG20(W)-VPN, ZLD firmware versions V4.25 to V5.36 Patch 1
- VPN, ZLD firmware versions V4.30 to V5.36 Patch 1
- ZyWALL/USG, ZLD firmware versions V4.25 to V4.73 Patch 1
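To triage a device inventory against the ranges listed above, here is an added example (not from Zyxel or from the original article) that checks firmware versions written in the advisory's "V5.36 Patch 1" form. The hostnames, sample versions and function names are assumptions made for illustration.

```python
import re

# Affected ZLD firmware ranges, copied from the list above (inclusive bounds).
AFFECTED = {
    "ATP": ("V4.32", "V5.36 Patch 1"),
    "USG FLEX": ("V4.50", "V5.36 Patch 1"),
    "USG FLEX50(W) / USG20(W)-VPN": ("V4.25", "V5.36 Patch 1"),
    "VPN": ("V4.30", "V5.36 Patch 1"),
    "ZyWALL/USG": ("V4.25", "V4.73 Patch 1"),
}

_VERSION_RE = re.compile(r"^V(\d+)\.(\d+)(?:\s+Patch\s+(\d+))?$", re.IGNORECASE)

def parse_version(text):
    """Turn 'V5.36 Patch 1' into (5, 36, 1); a missing patch level counts as 0."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)

def is_affected(series, version):
    """True if version lies in the listed range; KeyError for an unlisted series."""
    low, high = (parse_version(v) for v in AFFECTED[series])
    return low <= parse_version(version) <= high

def audit(inventory):
    """Classify each (host, series, version); bad entries get REVIEW, never a pass."""
    rows = []
    for host, series, version in inventory:
        try:
            # "not listed" only means outside the ranges above, not known-safe.
            status = "AFFECTED" if is_affected(series, version) else "not listed"
        except (KeyError, ValueError):
            status = "REVIEW"
        rows.append((host, series, version, status))
    return rows

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("fw-branch-01", "ATP", "V5.36 Patch 1"),
    ("fw-branch-02", "USG FLEX", "V5.36 Patch 2"),
    ("fw-hq-01", "ZyWALL/USG", "V4.73"),
    ("fw-lab-01", "VPN", "V4.20"),
    ("fw-old-01", "ATP", "5.36p1"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print("{:<14}{:<30}{:<16}{}".format(*row))
```

A version below a listed lower bound is reported as "not listed" because the article only enumerates firmware within the vulnerability support period; such devices still need a manual check.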
Zyxel has already released updated firmware builds to fix the two critical vulnerabilities, and customers should of course install the updates as soon as possible to avoid becoming a target for attackers. Black hat hackers and cybercriminals are always on the lookout for vulnerable devices they can use to break into networks owned by private or government organizations, and they usually find them.