CVE-2023-33009 & CVE-2023-33010: Two Actively Exploited Zyxel Vulnerabilities

Once again, the looming specter of cyber attacks has come into sharp focus, with the Cybersecurity and Infrastructure Security Agency (CISA) recently throwing the spotlight on two actively exploited security vulnerabilities in Zyxel firewall and VPN devices.

With an increasing number of enterprises relying on these devices to safeguard their digital borders, the ramifications of such vulnerabilities can’t be overemphasized. The urgency has prompted CISA to issue an executive mandate for U.S. federal agencies to secure their systems through immediate patch implementation by June 26.

Zyxel, the company at the eye of the storm, has identified the issues and provided patches addressing these vulnerabilities, labeled CVE-2023-33009 and CVE-2023-33010. Both are buffer overflow vulnerabilities, a notorious type of security risk that can lead to a dire security breach when an attacker overfills a buffer with more data than it can handle.
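To make the class of defect concrete, here is a constructed C illustration of the pattern described above (an unchecked copy into a fixed-size buffer) next to its hardened form. This is added example code, not Zyxel's firmware and not taken from the advisories; the `struct field`, `FIELD_MAX` and the two copy routines are assumptions chosen to show the defender-side check, namely validating an untrusted length against the buffer's capacity before any copy takes place.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Constructed illustration; not Zyxel's code. A fixed-size buffer standing in
 * for a field parsed out of an untrusted network message. */
#define FIELD_MAX 16

struct field {
    char data[FIELD_MAX];
    size_t len;
};

/* Vulnerable pattern: trusts the length carried in the message and copies that
 * many bytes into a fixed buffer. Any len > FIELD_MAX writes past the end of
 * data[] (undefined behaviour). Shown only for contrast; it is never called
 * here with an oversized length. */
void field_copy_unchecked(struct field *f, const char *src, size_t len)
{
    memcpy(f->data, src, len);
    f->len = len;
}

/* Hardened pattern: validate the attacker-controlled length against the
 * buffer capacity before copying. Returns 0 on success, -1 when rejected.
 * Rejecting (rather than silently truncating) keeps the parser's view of the
 * message consistent and makes the bad input visible in logs. */
int field_copy_checked(struct field *f, const char *src, size_t len)
{
    if (src == NULL || len > FIELD_MAX) {
        f->len = 0;
        return -1;
    }
    memcpy(f->data, src, len);
    f->len = len;
    return 0;
}

int main(void)
{
    struct field f;
    const char ok[]  = "hello";                  /* 5 bytes, fits */
    const char big[] = "0123456789ABCDEFGHIJ";   /* 20 bytes, exceeds FIELD_MAX */

    printf("small input accepted: %d\n", field_copy_checked(&f, ok, sizeof ok - 1));
    printf("large input rejected: %d\n", field_copy_checked(&f, big, sizeof big - 1));
    return 0;
}
```

The defensive point is the single comparison `len > FIELD_MAX` placed before `memcpy`: every length that arrives from the network is treated as hostile until it has been bounded by a capacity the code itself controls.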

CVE-2023-33009 dwells within the notification function of certain Zyxel products. This insidious threat allows an unauthenticated assailant to perform remote code execution or impose Denial of Service (DoS) conditions. Its counterpart, CVE-2023-33010, lurks within the ID processing function in some Zyxel devices, giving it similar, disruptive abilities. These vulnerabilities bear a critical severity score of 9.8 – a near-perfect score that underscores the urgency of the situation.

According to Zyxel, the at-risk devices are those running a particular range of firmware versions. Affected products include Zyxel ATP devices running firmware ZLD V4.32 through V5.36 Patch 1 and Zyxel ZyWALL/USG devices running ZLD V4.25 through V4.73 Patch 1. The company has remedied the vulnerabilities in a series of patches, including ZLD V5.36 Patch 2 and ZLD V4.73 Patch 2.
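A practitioner inventorying a fleet wants a mechanical way to decide whether a reported firmware string falls inside the affected window. The following C helper is an added example, not Zyxel's tooling: it parses the `ZLD V<major>.<minor> [Patch <n>]` form used in the text and compares it against the two ranges the page states. The table holds only the ATP and ZyWALL/USG ranges given above; the assumption that both endpoints are inclusive, a missing "Patch" meaning patch level 0, and the function names `zld_parse`, `zld_cmp` and `zld_is_affected` are all choices made for this example.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Constructed helper; not Zyxel's code. Version strings follow the page's
 * "ZLD V<major>.<minor>[ Patch <n>]" form; no "Patch" suffix means patch 0. */
struct zld_ver { int major, minor, patch; };

/* Parse "ZLD V4.73 Patch 2" or "ZLD V4.73". Returns 0 on success, -1 otherwise. */
int zld_parse(const char *s, struct zld_ver *v)
{
    v->major = v->minor = v->patch = 0;
    int n = sscanf(s, "ZLD V%d.%d Patch %d", &v->major, &v->minor, &v->patch);
    return (n >= 2) ? 0 : -1;
}

/* Lexicographic compare on (major, minor, patch): <0, 0, >0 like strcmp. */
int zld_cmp(const struct zld_ver *a, const struct zld_ver *b)
{
    if (a->major != b->major) return a->major - b->major;
    if (a->minor != b->minor) return a->minor - b->minor;
    return a->patch - b->patch;
}

struct affected_range {
    const char *line;   /* product line as named on the page */
    const char *lo;     /* first affected version (assumed inclusive) */
    const char *hi;     /* last affected version (inclusive) */
    const char *fixed;  /* first fixed version named on the page */
};

/* Only the two ranges the page states. Other Zyxel lines are not covered. */
static const struct affected_range RANGES[] = {
    { "ATP",        "ZLD V4.32", "ZLD V5.36 Patch 1", "ZLD V5.36 Patch 2" },
    { "ZyWALL/USG", "ZLD V4.25", "ZLD V4.73 Patch 1", "ZLD V4.73 Patch 2" },
};

/* Returns 1 if version lies inside the affected range for the product line,
 * 0 if it lies outside it, -1 for an unknown line or an unparsable version. */
int zld_is_affected(const char *line, const char *version)
{
    struct zld_ver v, lo, hi;
    if (zld_parse(version, &v) != 0) return -1;
    for (size_t i = 0; i < sizeof RANGES / sizeof RANGES[0]; i++) {
        if (strcmp(RANGES[i].line, line) != 0) continue;
        zld_parse(RANGES[i].lo, &lo);
        zld_parse(RANGES[i].hi, &hi);
        return (zld_cmp(&v, &lo) >= 0 && zld_cmp(&v, &hi) <= 0) ? 1 : 0;
    }
    return -1;
}

int main(void)
{
    /* Constructed inventory lines, not real devices. */
    const char *inv[][2] = {
        { "ATP",        "ZLD V5.36 Patch 1" },
        { "ATP",        "ZLD V5.36 Patch 2" },
        { "ZyWALL/USG", "ZLD V4.70" },
        { "ZyWALL/USG", "ZLD V4.73 Patch 2" },
    };
    for (size_t i = 0; i < sizeof inv / sizeof inv[0]; i++)
        printf("%-11s %-18s affected=%d\n", inv[i][0], inv[i][1],
               zld_is_affected(inv[i][0], inv[i][1]));
    return 0;
}
```

A result of 0 means only that the version is outside the two windows the page lists; versions older than the stated lower bounds or devices from product lines not in the table should be checked against the vendor advisory rather than assumed safe.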

Faced with the severe and immediate threat that these vulnerabilities pose, Zyxel strongly recommends users of the affected products apply the newest security updates as swiftly as possible.