Zyxel has released software updates to address two critical security flaws, CVE-2023-33009 and CVE-2023-33010, that could be abused by remote attackers to achieve code execution. These vulnerabilities are buffer overflow flaws and have a CVSS score of 9.8 out of 10. CVE-2023-33009 affects the notification function, while CVE-2023-33010 affects the ID processing function, and both could lead to a denial-of-service (DoS) condition and remote code execution. The affected devices are ATP, USG FLEX, USG FLEX50(W) / USG20(W)-VPN, VPN, and ZyWALL/USG.
These flaws were discovered and reported by researchers from TRAPA Security and STAR Labs SG. This security advisory follows the discovery of another critical security flaw in Zyxel’s firewall devices, CVE-2023-28771, which was also credited to TRAPA Security and was due to improper error message handling. This flaw has been actively exploited by threat actors associated with the Mirai botnet. To protect against these issues, Zyxel has released software updates to ensure the security of their products.
Source: Hackernews
To mitigate potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA www.infrascan.net or you can try your self using check.website.