FlagThis

End-of-life Zyxel routers are under active attack via CVE-2024-40891, a command injection vulnerability, and the company has confirmed that no patches will be released. The affected models include VMG1312-B10A, VMG1312-B10B, VMG1312-B10E, VMG3312-B10A, VMG3313-B10A, VMG3926-B10B, VMG4325-B10A, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, SBG3300, and SBG3500. Zyxel is advising users to replace these devices and those who obtained their Zyxel product through an internet service provider (ISP), to contact the ISP for support. Despite being EOL, approximately 1,500 affected systems with internet-facing Telnet interfaces remain in use worldwide.

Meanwhile, a security vulnerability, CVE-2025-23114, has been identified in the Veeam Updater component. This vulnerability allows Man-in-the-Middle attackers to execute arbitrary code on affected servers due to a failure to properly validate TLS certificates. The Veeam Backup vulnerability impacts Veeam Backup for AWS, Veeam Backup for Google Cloud, Veeam Backup for Microsoft Azure, Veeam Backup for Nutanix AHV, Oracle Linux Virtualization Manager and Red Hat Virtualization, Veeam Backup for Salesforce. Users are advised to review Veeam's knowledge base article KB4712 for further information and mitigation steps.

ImgSrc: img.helpnetsecurity.com

References:

• GBHackers Security | #1 Globally Trusted Cyber Security News Platform - GBHackers' article detailing the critical Veeam backup vulnerability and RCE. - 16d
• Vulnerability Archives ? Cybersecurity News - SecurityOnline's article on CVE-2025-23114, highlighting the remote code execution risk. - 16d
• socca.tech - Socca.tech's vulnerability assessment report on CVE-2025-23114. - 16d
• gbhackers.com - Veeam Backup Vulnerability Allows Attackers to Execute Arbitrary Code - 16d
• securityonline.info - CVE-2025-23114 (CVSS 9.0): Critical Veeam Backup Vulnerability Enables Remote Code Execution - 16d
• SOCRadar? Cyber Intelligence Inc. - Critical Veeam Vulnerability (CVE-2025-23114) Exposes Backup Servers to Remote Code Execution - 16d
• @screaminggoat - CVE-2025-23114 (9.0 critical) A vulnerability within the Veeam Updater component that allows an attacker to utilize a Man-in-the-Middle attack to execute arbitrary code on the affected appliance serve - 16d
• www.heise.de - Veeam Backup: Code smuggling possible through MitM gap in updater Veeam Backup contains an updater that is vulnerable to man-in-the-middle attacks. - 16d
• The Hacker News - New Veeam Flaw Allows Arbitrary Code Execution via Man-in-the-Middle Attack - 16d
• nvd.nist.gov - The National Vulnerability Database (NVD) provides details about the vulnerability, including its severity and potential impact. - 16d
• www.veeam.com - Veeam's official knowledge base article details the vulnerability, provides guidance on mitigating the risk, and outlines recommended actions. - 16d
• www.helpnetsecurity.com - There will be no patches for EOL Zyxel routers under attack via CVE-2024-40891 - 16d

Classification:

• HashTags: Vulnerability Patching Security
• Company: Zyxel, Netgear
• Target: Routers, Veeam Servers
• Product: Routers, Veeam Backup
• Feature: Patch Management
• Type: Vulnerability
• Severity: Medium