Unpatched Zyxel CPE Zero-Day Pummeled by Cyberattackers

Unpatched Zyxel CPE Zero-Day Pummeled by Cyberattackers
Summary: A command-injection vulnerability (CVE-2024-40891) in Zyxel CPE Series devices is actively being exploited, with no patch available even after its discovery six months ago. Vulnerable devices could allow attackers to execute arbitrary commands, leading to serious security risks. Researchers are urging users to take immediate protective measures while they await a resolution from Zyxel.

Affected: Zyxel CPE Series devices

Keypoints :

  • Vulnerability allows unauthorized command execution on devices.
  • Over 1,500 vulnerable devices are currently online, with some linked to known botnets like Mirai.
  • Recommendations include filtering traffic, monitoring updates, restricting access, and disabling unused features.

Source: https://www.darkreading.com/endpoint-security/unpatched-zyxel-cpe-zero-day-cyberattackers