CVE-2023-6764
CVE-2023-6764 is a high-severity vulnerability in Zyxel Atp100 Firmware with a CVSS 3.x base score of 8.1. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-134.
Key facts
- Severity: High (CVSS 3.x base score 8.1)
- EPSS exploit prediction: 1% (55th percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2023-58976
- Weakness: CWE-134
- Affected product: Zyxel Atp100 Firmware
- Published:
- Last modified:
Description
A format string vulnerability in a function of the IPSec VPN feature in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, and USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1 could allow an attacker to achieve unauthorized remote code execution by sending a sequence of specially crafted payloads containing an invalid pointer; however, such an attack would require detailed knowledge of an affected device’s memory layout and configuration.
Frequently asked questions
- What is CVE-2023-6764?
- A format string vulnerability in a function of the IPSec VPN feature in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, and USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1 could allow an attacker to achieve unauthorized remote code execution by sending a sequence of specially crafted payloads containing an invalid pointer; however, such an attack would require detailed knowledge of an affected device’s memory layout and configuration.
- How severe is CVE-2023-6764?
- CVE-2023-6764 has a CVSS 3.x base score of 8.1, rated high severity. It is exploitable over network with high attack complexity, requires no privileges and no user interaction. Impact on confidentiality is high, integrity high, and availability high.
- Is CVE-2023-6764 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (55th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2023-6764?
- CVE-2023-6764 primarily affects Zyxel Atp100 Firmware. In total, 63 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2023-6764?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- Does CVE-2023-6764 have an EU (EUVD) identifier?
- Yes. CVE-2023-6764 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2023-58976.
- When was CVE-2023-6764 published?
- CVE-2023-6764 was published on 2024-02-20 and last updated on 2026-06-17.
References
Affected products (63)
- cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:atp100_firmware:5.37:-:*:*:*:*:*:*
- cpe:2.3:o:zyxel:atp100_firmware:5.37:patch1:*:*:*:*:*:*
- cpe:2.3:o:zyxel:atp100w_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:atp100w_firmware:5.37:-:*:*:*:*:*:*
- cpe:2.3:o:zyxel:atp100w_firmware:5.37:patch1:*:*:*:*:*:*
- cpe:2.3:o:zyxel:atp200_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:atp200_firmware:5.37:-:*:*:*:*:*:*
- cpe:2.3:o:zyxel:atp200_firmware:5.37:patch1:*:*:*:*:*:*
- cpe:2.3:o:zyxel:atp500_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:atp500_firmware:5.37:-:*:*:*:*:*:*
- cpe:2.3:o:zyxel:atp500_firmware:5.37:patch1:*:*:*:*:*:*
- cpe:2.3:o:zyxel:atp700_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:atp700_firmware:5.37:-:*:*:*:*:*:*
- cpe:2.3:o:zyxel:atp700_firmware:5.37:patch1:*:*:*:*:*:*
- cpe:2.3:o:zyxel:atp800_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:atp800_firmware:5.37:-:*:*:*:*:*:*
- cpe:2.3:o:zyxel:atp800_firmware:5.37:patch1:*:*:*:*:*:*
- cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:usg_flex_100_firmware:5.37:-:*:*:*:*:*:*
- cpe:2.3:o:zyxel:usg_flex_100_firmware:5.37:patch1:*:*:*:*:*:*
- cpe:2.3:o:zyxel:usg_flex_100ax_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:usg_flex_100ax_firmware:5.37:-:*:*:*:*:*:*
- cpe:2.3:o:zyxel:usg_flex_100ax_firmware:5.37:patch1:*:*:*:*:*:*
- cpe:2.3:o:zyxel:usg_flex_100h_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:usg_flex_100h_firmware:5.37:-:*:*:*:*:*:*
- cpe:2.3:o:zyxel:usg_flex_100h_firmware:5.37:patch1:*:*:*:*:*:*
- cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:usg_flex_100w_firmware:5.37:-:*:*:*:*:*:*
- cpe:2.3:o:zyxel:usg_flex_100w_firmware:5.37:patch1:*:*:*:*:*:*
- cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:usg_flex_200_firmware:5.37:-:*:*:*:*:*:*
- cpe:2.3:o:zyxel:usg_flex_200_firmware:5.37:patch1:*:*:*:*:*:*
- cpe:2.3:o:zyxel:usg_flex_200h_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:usg_flex_200h_firmware:5.37:-:*:*:*:*:*:*
- cpe:2.3:o:zyxel:usg_flex_200h_firmware:5.37:patch1:*:*:*:*:*:*
- cpe:2.3:o:zyxel:usg_flex_200hp_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:zyxel:usg_flex_200hp_firmware:5.37:-:*:*:*:*:*:*
- cpe:2.3:o:zyxel:usg_flex_200hp_firmware:5.37:patch1:*:*:*:*:*:*
- cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*
More vulnerabilities in Zyxel Atp100 Firmware
- CVE-2023-33010 — Critical (CVSS 9.8): A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36…
- CVE-2023-33009 — Critical (CVSS 9.8): A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36…
- CVE-2023-28771 — Critical (CVSS 9.8): Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware…
- CVE-2022-30525 — Critical (CVSS 9.8): A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21…
- CVE-2022-0342 — Critical (CVSS 9.8): An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through…
- CVE-2020-29583 — Critical (CVSS 9.8): Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The…
All CVEs affecting Zyxel Atp100 Firmware →
Other CWE-134 vulnerabilities
- CVE-2012-1851 — Critical (CVSS 10.0): Format string vulnerability in the Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2,…
- CVE-2012-0242 — Critical (CVSS 10.0): Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary…
- CVE-2011-2475 — Critical (CVSS 10.0): Format string vulnerability in ECTrace.dll in the iMailGateway service in the Internet Mail Gateway in OneBridge Server…
- CVE-2011-1568 — Critical (CVSS 10.0): Format string vulnerability in the logText function in shmemmgr9.dll in IGSSdataServer.exe 9.00.00.11074, and…
- CVE-2010-4235 — Critical (CVSS 10.0): Format string vulnerability in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server…
- CVE-2011-0270 — Critical (CVSS 10.0): Format string vulnerability in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows…