CyberSecurity news
@www.helpnetsecurity.com - 29d
Zyxel CPE devices are under active attack through a critical, unpatched zero-day vulnerability tracked as CVE-2024-40891. This command injection flaw lets unauthenticated attackers execute arbitrary commands over the telnet protocol, potentially leading to complete system compromise, data exfiltration, and further network infiltration. The vulnerability, first acknowledged by VulnCheck in July 2024, is similar to CVE-2024-40890, which is reached over HTTP, but is triggered over telnet instead, and it continues to be exploited because Zyxel has not released a patch. Security researchers have observed active exploitation attempts from numerous IP addresses, many of them in Taiwan, affecting over 1,500 devices globally, according to Censys.
The active exploitation of CVE-2024-40891 has prompted security researchers to issue warnings and guidance to affected users. GreyNoise, working with VulnCheck, has been monitoring the attacks and observed a significant overlap between the IPs exploiting this vulnerability and those associated with the Mirai botnet. Because there is no official fix, users are urged to take immediate steps: filter traffic for unusual telnet requests, restrict access to administrative interfaces to trusted IPs, and watch Zyxel's official communication channels for patch announcements. These actions reduce the risk of exploitation until Zyxel releases an official patch.
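As an added example, not part of the article or any vendor guidance, the script below applies the two interim steps above to connection logs: it flags allowed telnet connections to CPE management addresses that did not originate from an assumed trusted-admin range, and counts how many distinct devices each untrusted source touched, so that a source sweeping many devices stands out from a single stray connection. The log line format, all addresses, and the trusted range are constructed for the example and must be adapted to the real firewall or gateway format.

```python
"""Triage telnet connections to CPE management interfaces.

Added example (not from the original article). The log format, the
addresses and the trusted admin range are all constructed here.
"""
import ipaddress
import re

# Constructed sample log lines in an invented firewall format.
SAMPLE_LOG = """\
2025-01-28T10:01:02Z fw1 conn src=203.0.113.45 dst=192.0.2.10 dport=23 proto=tcp action=allow
2025-01-28T10:01:05Z fw1 conn src=198.51.100.7 dst=192.0.2.10 dport=23 proto=tcp action=allow
2025-01-28T10:01:09Z fw1 conn src=203.0.113.45 dst=192.0.2.11 dport=23 proto=tcp action=allow
2025-01-28T10:02:00Z fw1 conn src=10.0.0.5 dst=192.0.2.10 dport=23 proto=tcp action=allow
2025-01-28T10:02:30Z fw1 conn src=203.0.113.99 dst=192.0.2.10 dport=443 proto=tcp action=allow
2025-01-28T10:03:00Z fw1 conn src=203.0.113.45 dst=192.0.2.12 dport=23 proto=tcp action=deny
"""

# Assumed: administrative access is only expected from this internal range.
TRUSTED_ADMIN_CIDRS = ["10.0.0.0/8"]
TELNET_PORT = 23

# Matches the constructed "conn" lines above; adjust for a real log source.
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+\S+\s+conn\s+src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+"
    r"dport=(?P<dport>\d+)\s+proto=(?P<proto>\S+)\s+action=(?P<action>\S+)"
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    return rec


def is_trusted(src, trusted_cidrs):
    """True if the source address falls inside any trusted CIDR."""
    addr = ipaddress.ip_address(src)
    return any(addr in ipaddress.ip_network(cidr) for cidr in trusted_cidrs)


def flag_untrusted_telnet(log_text, trusted_cidrs=TRUSTED_ADMIN_CIDRS):
    """Return records of allowed telnet connections from untrusted sources.

    Denied connections are skipped: the firewall already blocked them, and
    the point here is to find what reached a management interface.
    """
    flagged = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["dport"] != TELNET_PORT or rec["action"] != "allow":
            continue
        if not is_trusted(rec["src"], trusted_cidrs):
            flagged.append(rec)
    return flagged


def sources_by_target_count(flagged):
    """Map each untrusted source to the number of distinct devices it reached."""
    targets = {}
    for rec in flagged:
        targets.setdefault(rec["src"], set()).add(rec["dst"])
    return {src: len(dsts) for src, dsts in targets.items()}


if __name__ == "__main__":
    hits = flag_untrusted_telnet(SAMPLE_LOG)
    for h in hits:
        print(f"{h['ts']} untrusted telnet {h['src']} -> {h['dst']}")
    print(sources_by_target_count(hits))
```

On the constructed sample this flags three connections (two from 203.0.113.45 to two different devices, one from 198.51.100.7) and ignores the internal admin session, the HTTPS connection, and the denied attempt. A source that reaches several devices over telnet in a short window is the kind of pattern worth alerting on while the interface is still exposed.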
References:
- The Hacker News: Zyxel CPE Devices Face Active Exploitation Due to Unpatched CVE-2024-40891 Vulnerability
- Help Net Security: Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891)
- gbhackers.com: Zyxel CPE Zero-Day (CVE-2024-40891) Exploited in the Wild
- thedefendopsdiaries.com: Exploiting the Unpatched: A Deep Dive into Zyxel CPE Vulnerability
- ciso2ciso.com: Unpatched Zyxel CPE Zero-Day Pummeled by Cyberattackers
- securityonline.info: Zero-Day Alert: Mirai Botnet Exploiting Unpatched Zyxel CPE Vulnerability (CVE-2024-40891)
- www.bleepingcomputer.com: Hackers are exploiting a critical command injection vulnerability in Zyxel CPE Series devices that is currently tracked as CVE-2024-40891 and remains unpatched since last July.