From thehackernews.com
Zyxel has released software updates to address two critical security flaws affecting select firewall and VPN products that could be abused by remote attackers to achieve code execution.
Both the flaws – CVE-2023-33009 and CVE-2023-33010 – are buffer overflow vulnerabilities and are rated 9.8 out of 10 on the CVSS scoring system.
A brief description of the two issues is below –
- CVE-2023-33009 – A buffer overflow vulnerability in the notification function that could enable an unauthenticated attacker to cause a denial-of-service (DoS) condition and remote code execution.
- CVE-2023-33010 – A buffer overflow vulnerability in the ID processing function that could enable an unauthenticated attacker to cause a denial-of-service (DoS) condition and remote code execution.