InfoSecBulletin Cybersecurity for mankind
Security researchers have alerted about ongoing exploitation attempts of a newly found zero-day command injection vulnerability in Zyxel CPE Series devices, known as CVE-2024-40891. The critical, unpatched vulnerability has left more than 1,500 devices worldwide at risk, according to Censys.
About the Vulnerability – CVE-2024-40891:
DeepSeek Sensitive data exposed To Web: Wiz report
“FirePass” starts its operation in Bangladesh officially
PoC Exploit Released for TP-Link Router XSS Vuln
CVE-2024-40891
Zyxel CPE Zero-Day Exploited in the Wild
Apple fixed year’s first actively exploited zero-day flaw
DeepSeek Hit by massive Cyber Attack, Limits Registrations
GitHub Desktop Vuln Credential Leaks via Malicious Remote URLs
Burp Suite 2025.1 released: Featuring Intruder Capabilities & Bug Fixes
UnitedHealth confirms 190 million impacted by 2024 data breach
Registration Open For BCS CTF 2025
CVE-2024-40891 is a vulnerability that lets attackers run commands on systems without needing to log in, using accounts like “supervisor” or “zyuser.” This could allow attackers to take control of the system and steal data.
The vulnerability CVE-2024-40891 is similar to CVE-2024-40890, which was an HTTP-based issue, but it uses telnet as the attack vector.
GreyNoise security researchers have confirmed that this vulnerability is being actively exploited. Exploitation attempts appeared shortly after VulnCheck disclosed the vulnerability to select security partners on August 1, 2024.
Zyxel has not yet addressed the vulnerability with an official advisory or firmware update.
Exploitation Observed and Response:
GreyNoise and VulnCheck have been tracking malicious traffic associated with CVE-2024-40891 since January 21, 2025. Exploitation patterns and attacker IPs are now being tracked in real-time. Due to the high volume of attacks, security researchers chose to disclose this information publicly so organizations can act quickly to defend themselves.
This situation highlights the risks of zero-day vulnerabilities, especially in commonly used internet-facing devices like Zyxel’s CPE Series. Attackers can gain full control of affected devices through this flaw, posing a serious risk for organizations that rely on them.
Organizations using Zyxel CPE Series devices should take the following steps immediately:
Network Monitoring: Monitor network traffic for unusual telnet activity on Zyxel CPE management interfaces.
Access Controls: Limit admin access to trusted IP addresses and disable unused remote management features.
Vendor Updates: Keep an eye out for Zyxel security updates and apply them immediately.
EOL Devices: Decommission any devices that are no longer supported to reduce risks.
The cybersecurity community is urging Zyxel to release a patch quickly to address this vulnerability. In the meantime, organizations should take precautions to protect their networks.
