Photo credit: www.darkreading.com
Zyxel CPE Vulnerability Faces Exploitation as Patch Remains Unavailable
A serious command-injection vulnerability affecting Zyxel CPE Series devices is currently under active attack, raising significant security concerns among users and network administrators. Notably, there is no available patch to rectify this security flaw.
The vulnerability, identified as CVE-2024-40891, was initially discovered by VulnCheck, a firm specializing in vulnerability intelligence. The issue was reported to Zyxel in July of the previous year, but nearly six months later, there has been no response or fix from the vendor.
If exploited, CVE-2024-40891 could grant attackers the capability to execute arbitrary commands on compromised devices. This level of access can lead to severe consequences, including full system compromise, unauthorized network access, and potential data breaches, according to findings from VulnCheck.
Researchers from GreyNoise have been collaborating with VulnCheck on monitoring the exploitation of this vulnerability. Due to a significant increase in attacks, they made the decision to publicly disclose their findings this week.
Importantly, CVE-2024-40891 bears similarities to another known vulnerability, CVE-2024-40890. The distinction lies in the protocol: one is telnet-based, while the other operates over HTTP. Both vulnerabilities permit unauthenticated attackers to execute arbitrary commands through service accounts, potentially gaining access as either “supervisor” or “zyuser”.
The absence of a fix not only raises alarms but also highlights a troubling trend. Data from Censys indicates that over 1,500 devices remain exposed to the vulnerability online. Moreover, indications suggest that some botnet operators have integrated exploitation capabilities for this flaw into their malicious software, according to GreyNoise.
GreyNoise’s investigation revealed significant overlap between IP addresses exploiting CVE-2024-40891 and those linked to the notorious Mirai botnet. They confirmed that various strains of Mirai have incorporated the capability to target this particular vulnerability.
Given the lack of an immediate solution, GreyNoise recommends several precautionary measures for Zyxel users. These include filtering traffic for any unusual requests directed at Zyxel CPE management interfaces, staying abreast of any security updates from Zyxel, restricting administrative access to trusted IP addresses, and disabling any unused remote management features.
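The filtering and allowlisting measures above can be applied without waiting on a vendor fix. The following script is an added illustration, not code from the article, GreyNoise, VulnCheck or Zyxel: it reads constructed firewall log lines, flags connections to the CPE's management ports from sources outside a trusted administrative allowlist, and emits the corresponding nftables rules that restrict those ports to the allowlist. The log format, the trusted networks, and the assumption that management listens on telnet (tcp/23) and HTTP (tcp/80) are all assumptions to adjust for a real deployment.

```python
"""Flag CPE management-interface access from untrusted sources and build allowlist rules.

Added illustrative example (not from the article or any vendor). Assumes a simple
syslog-like firewall log format and that management listens on tcp/23 (telnet)
and tcp/80 (HTTP); adjust both for the actual environment.
"""
import ipaddress
import re
from collections import Counter

# Trusted administrative networks (constructed sample values).
TRUSTED_ADMIN_NETS = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("198.51.100.10/32"),
]

# Ports assumed to carry the CPE management interfaces (assumption, not from the article).
MANAGEMENT_PORTS = {23: "telnet", 80: "http"}

# Constructed sample firewall log lines, not real traffic.
SAMPLE_LOG = """\
2025-01-29T10:00:01Z fw1 ACCEPT src=192.0.2.15 dst=203.0.113.5 proto=TCP dport=80
2025-01-29T10:00:03Z fw1 ACCEPT src=203.0.113.77 dst=203.0.113.5 proto=TCP dport=23
2025-01-29T10:00:04Z fw1 ACCEPT src=203.0.113.77 dst=203.0.113.5 proto=TCP dport=23
2025-01-29T10:00:05Z fw1 ACCEPT src=198.51.100.10 dst=203.0.113.5 proto=TCP dport=23
2025-01-29T10:00:09Z fw1 ACCEPT src=203.0.113.77 dst=203.0.113.5 proto=TCP dport=80
2025-01-29T10:00:10Z fw1 ACCEPT src=192.0.2.200 dst=203.0.113.5 proto=TCP dport=443
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"proto=(?P<proto>\S+) dport=(?P<dport>\d+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    return rec


def is_trusted(src):
    """True if the source address falls inside any trusted administrative network."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in TRUSTED_ADMIN_NETS)


def find_untrusted_management_access(log_text):
    """Return sorted (src, service, count) tuples for management-port hits from untrusted sources."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["dport"] not in MANAGEMENT_PORTS:
            continue  # malformed line or not a management port
        if is_trusted(rec["src"]):
            continue  # expected administrative traffic
        hits[(rec["src"], MANAGEMENT_PORTS[rec["dport"]])] += 1
    return sorted((src, svc, n) for (src, svc), n in hits.items())


def nft_allowlist_rules(table="inet filter", chain="input"):
    """Build nft commands that accept management ports only from trusted nets and drop the rest.

    Rule order matters: the accept rule must precede the drop rule in the chain.
    """
    ports = ", ".join(str(p) for p in sorted(MANAGEMENT_PORTS))
    nets = ", ".join(str(n) for n in TRUSTED_ADMIN_NETS)
    return [
        f"nft add rule {table} {chain} tcp dport {{ {ports} }} ip saddr {{ {nets} }} accept",
        f"nft add rule {table} {chain} tcp dport {{ {ports} }} drop",
    ]


if __name__ == "__main__":
    for src, svc, n in find_untrusted_management_access(SAMPLE_LOG):
        print(f"ALERT untrusted source {src} reached {svc} management interface {n} time(s)")
    print("\n".join(nft_allowlist_rules()))
```

Run against the constructed log, the script reports the single untrusted source that touched both telnet and HTTP management ports and ignores trusted administrators and non-management traffic; the rules it prints implement the "restrict administrative access to trusted IP addresses" recommendation, and dropping the port entirely corresponds to disabling an unused remote management feature.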
Source: www.darkreading.com