Home

Some companies that have chosen us

Privacy Officer and Privacy Consultant
CDP Scheme according to ISO/IEC 17024:2012
European Privacy Auditor
ISDP©10003 Certification Scheme according to ISO/IEC 17065:2012
Auditor
According to standard UNI 11697:2017
Lead Auditor ISO/IEC 27001:2022
According to standard ISO/IEC 17024:2012
Data Protection Officer
According to standard ISO/IEC 17024:2012
Anti-Bribery Lead Auditor Expert
According to standard ISO/IEC 17024:2012
ICT Security Manager
According to standard UNI 11506:2017
IT Service Management (ITSM)
According to the ITIL Foundation
Ethical Hacker (CEH)
According to the EC-Council
Network Defender (CND)
According to the EC-Council
Computer Hacking Forensics Investigator (CHFI)
According to the EC-Council
Penetration Testing Professional (CPENT)
According to the EC-Council

Professional qualifications

Stay up-to-date with world news!

Select your topics of interest:
CYBER ALERT
Home / CYBER ALERT
/
Zyxel: Network Exploitation of CVE-2024-40891 Detected (AL02/250204/CSIRT-ITA)

Zyxel: Network Exploitation of CVE-2024-40891 Detected (AL02/250204/CSIRT-ITA)

Description and potential impacts

Security researchers have recently detected active online exploitation of the CVE-2024-40891 vulnerability – exploited as a 0-day – present on DSL CPE devices no longer supported by Zyxel.

This vulnerability – of the “Command Injection” type and with a CVSS v3.1 score of 9.8 – could allow an attacker to execute arbitrary commands (RCE) on target devices, via appropriately crafted Telnet requests. The vulnerability is similar to CVE-2024-40890, which also currently has no patch available, with the only difference that the latter uses the HTTP protocol instead of the Telnet protocol.

Finally, Zyxel has also documented CVE-2025-0890 – of the “Privilege Escalation” type – which could allow an attacker to access the device management interface if the default credentials have not been changed.

For any further information, we recommend consulting the links to the analysis, available in the References section.

Risk

Vulnerability Community Impact Estimate: Critical (81.79)

Type

  • Remote Code Execution
  • Privilege Escalation

Affected Products and/or Versions

Zyxel DSL CPE: VMG1312-B10A, VMG1312-B10B, VMG1312-B10E, VMG3312-B10A, VMG3313-B10A, VMG3926-B10B, VMG4325-B10A, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, SBG3300, and SBG3500

Mitigation Actions

In line with vendor statements, the reported devices are legacy products that have reached EOL status for several years. In accordance with industry product lifecycle management practices, Zyxel recommends that customers replace such products with next-generation equipment for optimal protection.

CVE
CVE-2024-40890
CVE-2024-40891
CVE-2025-0890

References

https://www.greynoise.io/blog/active-exploitation-of-zero-day-zyxel-cpe-vulnerability-cve-2024-40891

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-insecure-default-credentials-vulnerabilities-in-certain-legacy-dsl-cpe-02-04-2025

1This estimate is made taking into account several parameters, including: CVSS, availability of patches/workarounds and PoC, diffusion of the affected software/devices in the reference community.

Recommended to you

Search in 365TRUST

Our services