Zyxel addressed two critical buffer overflow vulnerabilities, tracked as CVE-2023-33009 and CVE-2023-33010, that affect several of its firewall and VPN products.

A remote, unauthenticated attacker can can trigger the flaws to cause a denial-of-service (DoS) condition and remote code execution on vulnerable devices.

Below are the description for both issues provided by the vendor in a security advisory:

CVE-2023-33009 – A buffer overflow vulnerability in the notification function in some firewall versions could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.