
New Zero-Day Vulnerability Hits Zyxel Devices


Security experts at GreyNoise have detected active exploitation of a new zero-day vulnerability affecting Zyxel CPE devices, currently without any available patches. 

Zero-day vulnerabilities are particularly dangerous because cybercriminals can exploit them to gain unauthorized access or cause damage before a fix is available.

GreyNoise, known for its rigorous monitoring of internet security threats, has identified this flaw as a severe command injection issue, which could allow attackers to completely take over affected systems.

No Patch Available: Understanding the Risk

The vulnerability is being tracked as CVE-2024-40891 and exposes over 1,500 devices to potential attacks, data from Censys reveals. 

According to GreyNoise, the flaw bears similarities to a previously addressed vulnerability (CVE-2024-40890), but it is exploited over Telnet rather than HTTP, making it a more direct threat.

GreyNoise reports that both vulnerabilities allow unauthenticated attackers to use service accounts such as “supervisor” or “zyuser” to gain access to high-level privileges. 

Despite the severity of the risk, Zyxel has yet to issue any statements or patches for this latest security threat. 

GreyNoise decided to release details about the vulnerability before patches were available because the issue has been publicly known since August 2024.

GreyNoise advises network defenders to limit Telnet administrative access exclusively to trusted IP ranges and to deactivate any unnecessary remote services to mitigate risk.

The company also urges defenders to keep a vigilant eye on network logs for any irregular activity targeting Zyxel CPE management interfaces.

Moreover, it asks administrators to stay updated with Zyxel’s security advisories and apply any patches as soon as they are issued.

GreyNoise also recommends discontinuing the use of any Zyxel devices no longer supported by the manufacturer and verifying that no unauthorized accounts have been created.
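
To make the Telnet restriction and log-monitoring advice above concrete, the following is an added example, not code from GreyNoise, Zyxel or the original article. It assumes the perimeter firewall writes netfilter-style `key=value` log lines; the trusted ranges, device addresses and log lines are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: the only ranges allowed to reach Telnet on the CPE devices.
TRUSTED = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "198.51.100.8/29")]
FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")  # netfilter LOG key=value pairs

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
Jan 30 10:15:01 gw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=51234 DPT=23
Jan 30 10:15:04 gw kernel: IN=eth0 OUT= SRC=10.20.0.15 DST=192.0.2.10 PROTO=TCP SPT=40022 DPT=23
Jan 30 10:15:09 gw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.11 PROTO=TCP SPT=51240 DPT=23
Jan 30 10:16:30 gw kernel: IN=eth0 OUT= SRC=203.0.113.99 DST=192.0.2.10 PROTO=TCP SPT=38811 DPT=443
Jan 30 10:17:02 gw kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.11 PROTO=TCP SPT=50110 DPT=23
Jan 30 10:17:45 gw kernel: IN=eth0 OUT= SRC=198.51.100.16 DST=192.0.2.10 PROTO=TCP SPT=50999 DPT=23
Jan 30 10:18:00 gw kernel: IN=eth0 OUT= SRC=203.0.113.50 DST=192.0.2.10 PROTO=UDP SPT=5353 DPT=23
Jan 30 10:18:05 gw kernel: truncated entry SRC=not-an-ip PROTO=TCP DPT=23
"""

def is_trusted(addr):
    ip = ipaddress.ip_address(addr)  # raises ValueError on a malformed address
    return any(ip in net for net in TRUSTED)

def untrusted_telnet(log_text):
    """Map each untrusted source to its Telnet hit count and targeted devices."""
    hits = defaultdict(lambda: {"count": 0, "targets": set()})
    unparsed = 0
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("PROTO") != "TCP" or f.get("DPT") != "23":
            continue
        try:
            if is_trusted(f["SRC"]):
                continue
            dst = str(ipaddress.ip_address(f["DST"]))
        except (KeyError, ValueError):
            unparsed += 1  # count Telnet lines we cannot judge instead of hiding them
            continue
        hits[f["SRC"]]["count"] += 1
        hits[f["SRC"]]["targets"].add(dst)
    report = {s: {"count": h["count"], "targets": sorted(h["targets"])} for s, h in hits.items()}
    return report, unparsed

if __name__ == "__main__":
    report, unparsed = untrusted_telnet(SAMPLE_LOG)
    for src, info in sorted(report.items(), key=lambda kv: -kv[1]["count"]):
        print(f"{src}: {info['count']} Telnet attempt(s) -> {', '.join(info['targets'])}")
    print(f"unparsed Telnet lines: {unparsed}")
```

Any source this reports is reaching Telnet from outside the allow-list, which means the access restriction is either missing or not enforced on that path.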

Author: Anas Hasan

Date: January 30, 2025
