CVE-2023-33012
Description
A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versions 5.00 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands by using a crafted GRE configuration when the cloud management mode is enabled.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A command injection in the Zyxel firewall configuration parser lets unauthenticated LAN attackers execute OS commands via a crafted GRE configuration when cloud management mode is enabled.
Vulnerability
The vulnerability is a command injection in the configuration parser of Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series 5.00 through 5.36 Patch 2, USG FLEX 50(W) series 5.10 through 5.36 Patch 2, USG20(W)-VPN series 5.10 through 5.36 Patch 2, and VPN series 5.00 through 5.36 Patch 2. The flaw resides in the handling of GRE (Generic Routing Encapsulation) configuration data. An attacker can inject OS commands by providing a crafted GRE configuration when the cloud management mode is enabled on the device. [1]
Exploitation
An unauthenticated attacker with LAN access can exploit this vulnerability by sending a specially crafted GRE configuration to the affected device. The attack requires that the cloud management mode is enabled. No authentication is needed, and the attacker does not need prior access to the device's administrative interface. The crafted input is not properly sanitized by the configuration parser, allowing command injection. [1]
Impact
Successful exploitation allows the attacker to execute arbitrary OS commands on the device. This can lead to full compromise of the firewall, including data exfiltration, installation of backdoors, or disruption of network services. The attacker gains the ability to run commands with the privileges of the affected process, potentially leading to complete control over the device. [1]
Mitigation
Zyxel has released patches to address this vulnerability. Users should update their firmware to the latest versions as indicated in the security advisory [1]. For affected models, the fixed versions are available from Zyxel's support portal. There is no known workaround. Exploitation requires cloud management mode to be enabled, but disabling that mode may not be feasible in all deployments. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog as of the publication date. [1]
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
5.10 to 5.36 Patch 2 (+ 1 more)
- (no CPE) range: 5.10 to 5.36 Patch 2
- (no CPE) range: 5.10 through 5.36 Patch 2
5.00 to 5.36 Patch 2 (+ 2 more)
- (no CPE) range: 5.00 to 5.36 Patch 2
- (no CPE) range: 5.10 through 5.36 Patch 2
- (no CPE) range: 5.00 through 5.36 Patch 2
- Range: 5.10 through 5.36 Patch 2
- Range: 5.00 through 5.36 Patch 2
References