CVE-2023-33012 : A command injection vulnerability in the configuration parser of the Zyxel ATP s

A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versions 5.00 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands by using a crafted GRE configuration when the cloud management mode is enabled.

Published 2023-07-17 18:15:09

Updated 2023-07-26 21:35:29

Source Zyxel Corporation

View at NVD, CVE.org

Products affected by CVE-2023-33012

Zyxel » Zywall Vpn 50 Firmware
Versions from including (>=) 5.00 and before (<) 5.37
cpe:2.3:o:zyxel:zywall_vpn_50_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Zywall Vpn 50 » Version: N/A
Zyxel » Zywall Vpn 100 Firmware
Versions from including (>=) 5.00 and before (<) 5.37
cpe:2.3:o:zyxel:zywall_vpn_100_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Zywall Vpn 100 » Version: N/A
Zyxel » Zywall Vpn 300 Firmware
Versions from including (>=) 5.00 and before (<) 5.37
cpe:2.3:o:zyxel:zywall_vpn_300_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Zywall Vpn 300 » Version: N/A
Zyxel » Usg 2200-vpn Firmware
Versions from including (>=) 5.00 and before (<) 5.37
cpe:2.3:o:zyxel:usg_2200-vpn_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Usg 2200-vpn » Version: N/A
Zyxel » Usg 20w-vpn Firmware
Versions from including (>=) 5.10 and before (<) 5.37
cpe:2.3:o:zyxel:usg_20w-vpn_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Usg 20w-vpn » Version: N/A
Zyxel » Zywall Vpn100 Firmware
Versions from including (>=) 5.00 and before (<) 5.37
cpe:2.3:o:zyxel:zywall_vpn100_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Zywall Vpn100 » Version: N/A
Zyxel » Zywall Vpn300 Firmware
Versions from including (>=) 5.00 and before (<) 5.37
cpe:2.3:o:zyxel:zywall_vpn300_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Zywall Vpn300 » Version: N/A
Zyxel » Usg Flex 100 Firmware
Versions from including (>=) 5.00 and before (<) 5.37
cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Usg Flex 100 » Version: N/A
Zyxel » Usg Flex 200 Firmware
Versions from including (>=) 5.00 and before (<) 5.37
cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Usg Flex 200 » Version: N/A
Zyxel » Usg Flex 500 Firmware
Versions from including (>=) 5.00 and before (<) 5.37
cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Usg Flex 500 » Version: N/A
Zyxel » Usg Flex 100w Firmware
Versions from including (>=) 5.00 and before (<) 5.37
cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Usg Flex 100w » Version: N/A
Zyxel » Usg Flex 700 Firmware
Versions from including (>=) 5.00 and before (<) 5.37
cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Usg Flex 700 » Version: N/A
Zyxel » Zywall Atp100 Firmware
Versions from including (>=) 5.10 and before (<) 5.37
cpe:2.3:o:zyxel:zywall_atp100_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Zywall Atp100 » Version: N/A
Zyxel » Zywall Atp100w Firmware
Versions from including (>=) 5.10 and before (<) 5.37
cpe:2.3:o:zyxel:zywall_atp100w_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Zywall Atp100w » Version: N/A
Zyxel » Zywall Atp200 Firmware
Versions from including (>=) 5.10 and before (<) 5.37
cpe:2.3:o:zyxel:zywall_atp200_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Zywall Atp200 » Version: N/A
Zyxel » Zywall Atp500 Firmware
Versions from including (>=) 5.10 and before (<) 5.37
cpe:2.3:o:zyxel:zywall_atp500_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Zywall Atp500 » Version: N/A
Zyxel » Zywall Atp700 Firmware
Versions from including (>=) 5.10 and before (<) 5.37
cpe:2.3:o:zyxel:zywall_atp700_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Zywall Atp700 » Version: N/A
Zyxel » Zywall Atp800 Firmware
Versions from including (>=) 5.10 and before (<) 5.37
cpe:2.3:o:zyxel:zywall_atp800_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Zywall Atp800 » Version: N/A
Zyxel » Zywall Vpn50 Firmware
Versions from including (>=) 5.00 and before (<) 5.37
cpe:2.3:o:zyxel:zywall_vpn50_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Zywall Vpn50 » Version: N/A
Zyxel » Zywall Vpn2s Firmware
Versions from including (>=) 5.00 and before (<) 5.37
cpe:2.3:o:zyxel:zywall_vpn2s_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Zywall Vpn2s » Version: N/A
Zyxel » Usg Flex 50w Firmware
Versions from including (>=) 5.00 and before (<) 5.37
cpe:2.3:o:zyxel:usg_flex_50w_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Usg Flex 50w » Version: N/A
Zyxel » Usg Flex 50 Firmware
Versions from including (>=) 5.00 and before (<) 5.37
cpe:2.3:o:zyxel:usg_flex_50_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Zyxel » Usg Flex 50 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2023-33012

EPSS FAQ

4.11%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 88 %

Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2023-33012

Zyxel parse_config.py Command Injection

Disclosure Date: 2024-01-24

First seen: 2024-07-05

exploit/linux/http/zyxel_parse_config_rce

This module exploits vulnerabilities in multiple Zyxel devices including the VPN, USG and APT series. The affected firmware versions depend on the device module, see this module's documentation for more details. Note this module was unable to be tested against a real

More information

CVSS scores for CVE-2023-33012

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
8.8	HIGH	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	2.8	5.9	Zyxel Corporation
Attack Vector: Adjacent Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2023-33012

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Assigned by:
- nvd@nist.gov (Primary)
- security@zyxel.com.tw (Secondary)

References for CVE-2023-33012

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-wlan-controllers

Access denied | Zyxel Networks
Vendor Advisory

CVEs referencing this url

Jump to