A recently discovered buffer overflow vulnerability (CVE-2023-33010) in Zyxel firewall firmware may allow unauthenticated attackers to remotely cause denial of service (DoS) conditions or even execute harmful code on affected devices. The vulnerability affects multiple firmware versions in Zyxel ATP Series, USG FLEX Series, USG FLEX 50(W) Series, USG20(W)-VPN Series, VPN Series, and ZyWALL/USG Series firewall devices.

Details

The vulnerability exists in the ID processing function, specifically in its handling of data buffers. Improper handling of these buffers in the affected firmware versions can lead to a buffer overflow, allowing attackers to crash a targeted device or execute arbitrary code without authentication.

- VPN Series: 4.30 - 5.36 Patch 1
- ZyWALL/USG Series: 4.25 - 4.73 Patch 1
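To check a device inventory against the ranges listed above, the following added example (not part of the original article or any Zyxel tooling) parses version strings written the way this page writes them, such as "5.36 Patch 1", and reports which devices fall inside an affected range. It assumes two-digit minor versions and covers only the two series whose ranges appear on this page; the hostnames and inventory rows are constructed.

```python
import re

# Affected ranges exactly as listed on this page (inclusive bounds).
# Other series are not listed here; take their ranges from the vendor advisory.
AFFECTED = {
    "VPN Series": ("4.30", "5.36 Patch 1"),
    "ZyWALL/USG Series": ("4.25", "4.73 Patch 1"),
}

# Assumed input format: "<major>.<minor>" with an optional " Patch <n>" suffix.
_VERSION_RE = re.compile(r"^\s*V?(\d+)\.(\d+)(?:\s+Patch\s+(\d+))?\s*$", re.IGNORECASE)


def parse_version(text):
    """Turn '5.36 Patch 1' into (5, 36, 1); a missing patch level counts as 0."""
    match = _VERSION_RE.match(text)
    if match is None:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    major, minor, patch = match.groups()
    return int(major), int(minor), int(patch or 0)


def is_affected(series, version):
    """True/False for a listed series, None when the series is not in the table."""
    bounds = AFFECTED.get(series)
    if bounds is None:
        return None
    low, high = (parse_version(b) for b in bounds)
    return low <= parse_version(version) <= high


def triage(inventory):
    """Map each (name, series, version) row to a verdict string."""
    labels = {True: "affected", False: "not affected", None: "unknown"}
    report = {}
    for name, series, version in inventory:
        try:
            verdict = is_affected(series, version)
        except ValueError:
            verdict = None  # unparseable version: needs manual review
        report[name] = labels[verdict]
    return report


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("fw-branch-01", "VPN Series", "5.36 Patch 1"),
    ("fw-branch-02", "VPN Series", "5.36 Patch 2"),
    ("fw-hq-01", "ZyWALL/USG Series", "4.25"),
    ("fw-lab-01", "ATP Series", "5.36"),
    ("fw-lab-02", "VPN Series", "unknown-build"),
]

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE).items():
        print(f"{host}: {verdict}")
```

Devices reported as "unknown" belong to a series whose range is not on this page, or have a version string the parser does not recognise, and need a manual check against the vendor advisory.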

Exploit Details

An attacker could exploit this vulnerability by sending a specially crafted packet to the vulnerable ID processing function on an affected device. If successful, the exploit could lead to a buffer overflow, which may result in a crash of the impacted system or possible remote code execution, while bypassing any authentication mechanisms.

Here is a code snippet that demonstrates a possible exploit attempt:

import socket

# Example target address and port
target_ip = "192.168.1.1"
target_port = 12345
buffer_size = 1024

# Oversized buffer of filler bytes
payload = b"A" * buffer_size

# Open a TCP connection, send the buffer, then close the socket
with socket.create_connection((target_ip, target_port)) as sock:
    sock.sendall(payload)

Original References and Mitigation

Zyxel has acknowledged the vulnerability and is actively working on providing patches for affected firmware versions. Users of affected devices are encouraged to keep an eye out for firmware updates and apply them as soon as possible to mitigate the risk posed by this vulnerability.

You can find more information on this vulnerability and potential mitigation steps in Zyxel's official Security Advisories:

- Zyxel ATP Series Security Advisory
- Zyxel USG FLEX Series Security Advisory
- Zyxel USG FLEX 50(W) Series Security Advisory
- Zyxel USG20(W)-VPN Series Security Advisory
- Zyxel VPN Series Security Advisory
- Zyxel ZyWALL/USG Series Security Advisory

Conclusion

This buffer overflow vulnerability (CVE-2023-33010) in various Zyxel firewall firmware versions poses a significant risk of denial-of-service attacks and remote code execution by unauthenticated attackers. Users are advised to closely monitor updates from Zyxel and apply appropriate firmware patches as soon as they become available to prevent potential exploitation of this vulnerability.

Timeline

Published on: 05/24/2023 13:15:00 UTC
Last modified on: 06/07/2023 18:20:00 UTC