Security researchers have raised alarms about active exploitation attempts targeting a newly discovered zero-day command injection vulnerability in Zyxel CPE Series devices, tracked as CVE-2024-40891.
This critical vulnerability, which remains unpatched and undisclosed by the vendor, has left over 1,500 devices globally exposed to potential compromise, as reported by Censys.
About the Vulnerability – CVE-2024-40891
CVE-2024-40891 is a telnet-based command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands via service accounts such as “supervisor” or “zyuser.”
Successful exploitation could result in system compromise, data theft, and network infiltration.
The vulnerability is similar to CVE-2024-40890, a previously observed HTTP-based issue, with the key difference being the use of telnet as the attack vector for CVE-2024-40891.
GreyNoise security researchers have confirmed active attempts to exploit this vulnerability in the wild.
These exploitation attempts surfaced just days after the vulnerability was disclosed to select security partners by VulnCheck on August 1, 2024.
Alarmingly, the vulnerability has not yet been addressed by Zyxel through an official advisory or firmware update.
Exploitation Observed and Response
GreyNoise, in collaboration with VulnCheck, has been monitoring malicious traffic linked to CVE-2024-40891 since January 21, 2025.
Exploitation patterns and attacker IPs are now being tracked in real time. Given the sheer volume of attacks, security researchers opted for public disclosure rather than waiting for an official vendor response, to ensure that organizations can take immediate defensive measures.
This case underscores the risks posed by zero-day vulnerabilities, particularly in widely deployed, internet-facing devices such as Zyxel’s CPE Series.
Attackers exploiting this flaw could gain full control of affected devices, creating a significant risk for organizations reliant on these systems.
Organizations using Zyxel CPE Series devices should take the following steps immediately:
- Network Monitoring: Closely monitor network traffic for unusual telnet activity targeting Zyxel CPE management interfaces.
- Access Controls: Restrict administrative access to trusted IP addresses and disable unused remote management functionality.
- Vendor Updates: Stay vigilant for security announcements or patches from Zyxel and deploy updates as soon as they become available.
- EOL Devices: If using devices that have reached end-of-life, consider decommissioning them to mitigate risks.
The cybersecurity community is urging Zyxel to release an official patch promptly to address this critical vulnerability. Until then, organizations are advised to implement all possible mitigations to safeguard their networks.
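The monitoring and access-control steps above can be combined into a simple detection check. The following is an added example, not code from the article, GreyNoise or Zyxel: it parses constructed firewall log lines in an assumed key=value format and flags allowed telnet (TCP/23) connections to CPE management addresses from sources outside a trusted admin network. The device addresses, trusted network and log format are all assumptions to adapt to your environment.

```python
"""Flag telnet connections to Zyxel CPE management interfaces from untrusted sources."""
import ipaddress
import re
from collections import Counter

# Constructed (assumed) values: management IPs of the CPE devices and the admin network
# allowed to reach them. Replace with your own inventory and allow-list.
CPE_MANAGEMENT_IPS = {"192.0.2.10", "192.0.2.11"}
TRUSTED_ADMIN_NETS = [ipaddress.ip_network("203.0.113.0/28")]
TELNET_PORT = 23

# Constructed sample firewall log lines in a simplified key=value layout (not Zyxel's real syntax).
SAMPLE_LOGS = """\
2025-01-22T10:01:05Z action=allow proto=tcp src=203.0.113.5 dst=192.0.2.10 dport=23
2025-01-22T10:01:09Z action=allow proto=tcp src=198.51.100.77 dst=192.0.2.10 dport=23
2025-01-22T10:01:12Z action=allow proto=tcp src=198.51.100.77 dst=192.0.2.11 dport=23
2025-01-22T10:02:00Z action=allow proto=tcp src=198.51.100.23 dst=192.0.2.10 dport=443
2025-01-22T10:02:30Z action=deny proto=tcp src=198.51.100.90 dst=192.0.2.11 dport=23
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) action=(?P<action>\w+) proto=(?P<proto>\w+) "
    r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)$"
)

def is_trusted(src: str) -> bool:
    """True if the source address is inside an allow-listed admin network."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in TRUSTED_ADMIN_NETS)

def find_untrusted_telnet(log_text: str) -> list[dict]:
    """Return allowed telnet connections to CPE management IPs from untrusted sources."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that do not match the assumed format
        f = m.groupdict()
        if (f["action"] == "allow" and f["proto"] == "tcp"
                and int(f["dport"]) == TELNET_PORT
                and f["dst"] in CPE_MANAGEMENT_IPS
                and not is_trusted(f["src"])):
            hits.append({"ts": f["ts"], "src": f["src"], "dst": f["dst"]})
    return hits

def sources_by_count(hits: list[dict]) -> Counter:
    """Rank untrusted sources by connection count to surface scanning hosts."""
    return Counter(h["src"] for h in hits)

if __name__ == "__main__":
    for src, n in sources_by_count(find_untrusted_telnet(SAMPLE_LOGS)).most_common():
        print(f"ALERT untrusted telnet to CPE management: {src} ({n} connections)")
```

On the sample data only 198.51.100.77 is reported, since the trusted admin host, the HTTPS connection and the already-denied attempt are filtered out; a denied connection from a repeat source is still worth reviewing separately.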