CVE-2023-33011
Description
A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versions 5.00 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands by using a crafted PPPoE configuration on an affected device when the cloud management mode is enabled.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Format string vulnerability in Zyxel firewalls allows unauthenticated LAN attacker to execute OS commands via crafted PPPoE config when cloud management is enabled.
Vulnerability
A format string vulnerability exists in the PPPoE configuration handling of Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versions 5.00 through 5.36 Patch 2 [1]. The vulnerability, identified as CVE-2023-33011, is triggered when the cloud management mode is enabled on the affected device [1].
Exploitation
An unauthenticated attacker with LAN access can exploit this vulnerability by sending a crafted PPPoE configuration to the affected device [1]. The attacker does not require authentication but needs to be on the same local network segment as the firewall. The vulnerable code path processes the PPPoE configuration string without proper sanitization, allowing the attacker to include format string specifiers that lead to arbitrary OS command execution [1]. No user interaction is required; the attack can be performed remotely from within the LAN.
Impact
Successful exploitation allows the attacker to execute arbitrary OS commands on the affected firewall device [1]. This gives the attacker complete control over the firewall, enabling actions such as modifying firewall rules, exfiltrating network data, installing persistent malware, or pivoting to other internal systems. The compromise impacts all three pillars of security (confidentiality, integrity, and availability) and grants the attacker root-level privileges on the device.
Mitigation
Zyxel released patches for all affected firmware versions. Users should update to the latest firmware versions provided in the Zyxel security advisory [1]. The advisory does not list specific fixed version numbers, but users are instructed to install the latest available firmware for their device series [1]. No workarounds are provided; the only complete mitigation is to disable cloud management mode or apply the firmware update. This CVE is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
5- Range: 5.10 through 5.36 Patch 2
- Range: 5.10 through 5.36 Patch 2
5.10 through 5.36 Patch 2+ 1 more
- (no CPE)range: 5.10 through 5.36 Patch 2
- (no CPE)range: 5.00 through 5.36 Patch 2
- Range: 5.00 through 5.36 Patch 2
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.