{"vulnerability": "CVE-2023-33009", "sightings": [{"uuid": "d8db1ad9-cccc-4636-b5a9-8108c4e0ad03", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33009", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-06-14T21:10:04.000000Z"}, {"uuid": "437a1be1-83b5-4df9-8ca1-7cd759ccbc47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33009", "type": "seen", "source": "MISP/b4a98411-68c8-46bf-aff8-1659046646b3", "content": "", "creation_timestamp": "2023-11-13T18:11:01.000000Z"}, {"uuid": "cd331c94-0de8-43e7-a0a4-6da456f5cf5c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33009", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971828", "content": "", "creation_timestamp": "2024-12-24T20:34:33.767294Z"}, {"uuid": "d04fbb14-4b86-4dca-9f08-ea98bb2f4994", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33009", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:42.000000Z"}, {"uuid": "ccb99fb8-0b54-4f8c-ad11-f8de13436eda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33009", "type": "seen", "source": "MISP/b4a98411-68c8-46bf-aff8-1659046646b3", "content": "", "creation_timestamp": "2025-07-07T05:16:45.000000Z"}, {"uuid": "8191a485-200b-41f5-bdf5-c7c0af7d12fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33009", "type": "seen", "source": "MISP/d17bd6ef-d68b-317b-ac33-cdbc44c5fc57", "content": "", "creation_timestamp": "2025-08-31T03:12:58.000000Z"}, {"uuid": "73e60b02-31f4-4416-9fa0-b8762607b640", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2023-33009", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/d9ec5534-4fa6-4376-bccc-ae093c8406c6", "content": "", "creation_timestamp": "2026-02-02T12:26:57.840831Z"}, {"uuid": "5f9dbda3-f312-49eb-ab9d-07ef190768cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33009", "type": "published-proof-of-concept", "source": "https://t.me/cKure/11981", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 Russia: Sandworm have breached Danish energy sector companies. \nVery nice timeline analysis.\nCVE-2023-28771 + CVE-2023-33009 + CVE-2023-33010\n\nhttps://github.com/blackorbird/APT_REPORT/blob/master/Sandworm/sektorcert-angrebet-mod-dansk-kritisk-infrastruktur-tlp-clear-en.pdf", "creation_timestamp": "2023-11-15T09:27:54.000000Z"}, {"uuid": "2f9888d0-b729-4b88-9c0d-02377e547cf7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33009", "type": "exploited", "source": "Telegram/7hx0Eh-1rj7GqCpsGv8vc3vl2LENad0XkZ8Du0V4VFE6pg", "content": "", "creation_timestamp": "2023-06-06T06:52:33.000000Z"}, {"uuid": "7059a4ed-079b-4820-952d-428a193d2ebe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33009", "type": "seen", "source": "https://t.me/arpsyndicate/375", "content": "#ExploitObserverAlert\n\nCVE-2023-33009\n\nDESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-33009. A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.60 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.60 through 5.36 Patch 1, VPN series firmware versions 4.60 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.60 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.\n\nFIRST-EPSS: 0.028100000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-11-22T23:57:09.000000Z"}, {"uuid": "bab7d1e1-abc3-4e96-b7db-e328751151ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33009", "type": "seen", "source": "Telegram/o33eMMvV5GbS5_yvZwxR9Wy9Vxsb16o4MXlOt7k80dQpLQ", "content": "", "creation_timestamp": "2023-05-25T19:04:24.000000Z"}, {"uuid": "fad1e1f4-628e-4bd2-8b15-95dbe6f2d5d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33009", "type": "exploited", "source": "https://t.me/KomunitiSiber/314", "content": "Zyxel Firewalls Under Attack! Urgent Patching Required\nhttps://thehackernews.com/2023/06/zyxel-firewalls-under-attack-urgent.html\n\nThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday\u00a0placed\u00a0two recently disclosed flaws in Zyxel firewalls to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.\nThe vulnerabilities, tracked as\u00a0CVE-2023-33009 and CVE-2023-33010, are buffer overflow vulnerabilities that could enable an unauthenticated attacker to cause a", "creation_timestamp": "2023-06-06T07:25:44.000000Z"}, {"uuid": "842ddd82-76a9-4086-8d6d-ab78e7f56cfc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33009", "type": "seen", "source": "https://t.me/KomunitiSiber/262", "content": "Zyxel Issues Critical Security Patches for Firewall and VPN Products\nhttps://thehackernews.com/2023/05/zyxel-issues-critical-security-patches.html\n\nZyxel has released software updates to address two critical security flaws affecting select firewall and VPN products that could be abused by remote attackers to achieve code execution.\nBoth the flaws \u2013\u00a0CVE-2023-33009 and CVE-2023-33010\u00a0\u2013 are\u00a0buffer overflow vulnerabilities\u00a0and are rated 9.8 out of 10 on the CVSS scoring system.\nA brief description of the two issues is below -\n\nCVE-2023-33009\u00a0-", "creation_timestamp": "2023-05-25T19:12:23.000000Z"}, {"uuid": "b5a821bf-0c5e-4698-9d06-15b942f68249", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33009", "type": "seen", "source": "https://t.me/true_secator/4429", "content": "Zyxel \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u0434\u0432\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u0441\u0432\u043e\u0438\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445 firewall \u0438 VPN.\n\n\u041a\u0430\u043a \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u043b \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044c, \u043e\u0431\u0430 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u044b \u0441 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u0431\u0443\u0444\u0435\u0440\u0430, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044f \u043c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043f\u0430\u043c\u044f\u0442\u044c\u044e \u0438 \u0437\u0430\u043f\u0438\u0441\u044b\u0432\u0430\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0435 \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u0430\u043c\u0438 \u0432\u044b\u0434\u0435\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0440\u0430\u0437\u0434\u0435\u043b\u0430.\n\n\u0412\u0441\u0435 \u044d\u0442\u043e \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442 \u043a DoS \u0438 RCE \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445. \u041f\u0440\u0438\u0447\u0435\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0431\u0430\u0433\u0438 \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.\n\n\u041f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 Zyxel \u043a\u0430\u043a \u0440\u0430\u0437 \u0442\u0430\u043a\u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0438 CVE-2023-33009 \u0438 CVE-2023-33010 \u0441 \u043e\u0446\u0435\u043d\u043a\u043e\u0439 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 \u0443 \u043a\u0430\u0436\u0434\u043e\u0439 \u0432 9,8 \u0431\u0430\u043b\u043b\u043e\u0432.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0442 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u0441 \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u0430\u043c\u0438: ATP \u0432\u0435\u0440\u0441\u0438\u0438 \u043e\u0442 ZLD V4.32 \u0434\u043e V5.36, USG FLEX \u043e\u0442 ZLD V4.50 \u0434\u043e V5.36, USG FLEX50 (W) / USG20 (W) - \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u0438 VPN \u0432\u0435\u0440\u0441\u0438\u0439 \u043e\u0442 ZLD V4.25 \u0434\u043e V5.36, VPN \u0432\u0435\u0440\u0441\u0438\u0438 \u043e\u0442 ZLD V4.30 \u0434\u043e V5.36 \u0438 ZyWALL / USG \u043e\u0442 ZLD V4.25 \u0434\u043e V4.73.\n\n\u0412 \u0431\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u0435 \u0441\u0432\u043e\u0435\u043c \u043f\u043e\u0434\u043e\u0431\u043d\u044b\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u0441\u044f \u043f\u0440\u0435\u0434\u043f\u0440\u0438\u044f\u0442\u0438\u044f\u043c\u0438 \u043c\u0430\u043b\u043e\u0433\u043e \u0438 \u0441\u0440\u0435\u0434\u043d\u0435\u0433\u043e \u0431\u0438\u0437\u043d\u0435\u0441\u0430 \u0434\u043b\u044f \u0437\u0430\u0449\u0438\u0442\u044b \u0441\u0432\u043e\u0435\u0439 \u0441\u0435\u0442\u0438 \u0438 \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0433\u043e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u043c \u0438\u043b\u0438 \u0434\u043e\u043c\u0430\u0448\u043d\u0438\u043c \u0440\u0430\u0431\u043e\u0442\u043d\u0438\u043a\u0430\u043c, \u0432 \u0441\u0432\u044f\u0437\u0438 \u0441 \u0447\u0435\u043c \u0442\u0430\u043a\u0438\u0435 \u0434\u0435\u0432\u0430\u0439\u0441\u044b \u044f\u0432\u043b\u044f\u044e\u0442\u0441\u044f \u043e\u0431\u044a\u0435\u043a\u0442\u043e\u043c \u0443\u0441\u0442\u0440\u0435\u043c\u043b\u0435\u043d\u0438\u0439 \u0441\u043e \u0441\u0442\u043e\u0440\u043e\u043d\u044b \u0445\u0430\u043a\u0435\u0440\u043e\u0432.\n\n\u041f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f, \u0434\u0430\u0431\u044b \u0438\u0441\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u0440\u0438\u0441\u043a \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u0432. \n\n\u0412\u0435\u0434\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c Zyxel (CVE-2023-28771), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0431\u044b\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0432 \u043f\u0440\u043e\u0448\u043b\u043e\u043c \u043c\u0435\u0441\u044f\u0446\u0435,\u00a0\u0430\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u0431\u043e\u0442\u043d\u0435\u0442\u043e\u043c Mirai DDoS.\u00a0\u0410\u0442\u0430\u043a\u0438 \u043d\u0430\u0447\u0430\u043b\u0438\u0441\u044c \u0443\u0436\u0435 \u0447\u0435\u0440\u0435\u0437 \u043d\u0435\u0434\u0435\u043b\u044e \u043f\u043e\u0441\u043b\u0435 \u0442\u043e\u0433\u043e, \u043a\u0430\u043a \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438 PoC \u0434\u043b\u044f \u044d\u0442\u043e\u0439 \u043e\u0448\u0438\u0431\u043a\u0438.", "creation_timestamp": "2023-05-26T18:40:05.000000Z"}, {"uuid": "45979b38-ff71-45e3-be52-0de910e58531", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-33009", "type": "seen", "source": "https://t.me/cibsecurity/64677", "content": "\u203c CVE-2023-33009 \u203c\n\nA buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-24T16:26:54.000000Z"}]}