Actively exploited vulnerability

CVE-2024-40891: Zyxel DSL CPE OS Command Injection Vulnerability

Multiple Zyxel DSL CPE devices contain a post-authentication command injection vulnerability in the management commands that could allow an authenticated attacker to execute OS commands via Telnet.

CISA KEV source 11 Feb 2025 added 4 Mar 2025 remediation due

Affected product

Zyxel ยท DSL CPE Devices

Known ransomware use: Unknown

Required action

Follow the source advisory and validate exposure in your environment.

The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization if a current mitigation is unavailable.

Related Yasna coverage

Recent reporting that mentions CVE-2024-40891.

Dark Reading30 Jan 2025

Unpatched Zyxel CPE Zero-Day Pummeled by Cyberattackers

VulnCheck initially disclosed the critical command-injection vulnerability (CVE-2024-40891) six months ago, but Zyxel has yet to mention its existence or offer users a patch to mitigate threats.