CVE-2023-33012

Summary

CVE-2023-33012 is a command injection vulnerability affecting various Zyxel ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN, and VPN firmware versions. When the cloud management mode is enabled, an unauthenticated attacker on the LAN can exploit this vulnerability by crafting a malicious GRE configuration, allowing them to execute certain OS commands. This issue could potentially result in significant security risks and system compromise. Users are strongly advised to update their firmware to the latest patched versions as soon as possible to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.