Friday , July 11 2025
Zyxel

CVE-2024-40891
Zyxel CPE Zero-Day Exploited in the Wild

Security researchers have alerted about ongoing exploitation attempts of a newly found zero-day command injection vulnerability in Zyxel CPE Series devices, known as CVE-2024-40891. The critical, unpatched vulnerability has left more than 1,500 devices worldwide at risk, according to Censys.

About the Vulnerability – CVE-2024-40891:

AMD discloses 4 new CPU flaws Affecting Many CPUs

AMD has revealed four new vulnerabilities that could enable attackers to access sensitive data via timing-based side-channel attacks. These vulnerabilities,...
Read More
AMD discloses 4 new CPU flaws Affecting Many CPUs

GitLab patched XSS and Authorization Bypass Flaws

GitLab has released security updates for its Community Edition (CE) and Enterprise Edition (EE) to fix vulnerabilities that could enable...
Read More
GitLab patched XSS and Authorization Bypass Flaws

CVE-2025-7206
Critical D-Link DIR-825 Router Flaw Remote Crash Via Buffer Overflow

A newly found vulnerability (CVE-2025-7206) in the D-Link DIR-825 router firmware version 2.10 poses a significant risk to home and...
Read More
CVE-2025-7206  Critical D-Link DIR-825 Router Flaw Remote Crash Via Buffer Overflow

Urgently patch now: Zoom Patches 6 Flaws

Zoom released a security update addressing six newly discovered vulnerabilities in its Workplace, Rooms, and SDK products for Windows, macOS,...
Read More
Urgently patch now: Zoom Patches 6 Flaws

Whatsapp rival ‘Bitchat’, message without internet

Jack Dorsey, co-founder of Twitter and Block Head, launched a new peer-to-peer messaging app called Bitchat, which operates solely over...
Read More
Whatsapp rival ‘Bitchat’, message without internet

Splunk Addresses Third-Party Package Vulns in SOAR Versions

Splunk has issued critical security updates for SOAR versions 6.4.0 and 6.4 to fix several vulnerabilities in third-party packages. The...
Read More
Splunk Addresses Third-Party Package Vulns in SOAR Versions

Texas-based Tax Credit Consultancy agency exposed PII, ID Numbers, & SSNs

Cybersecurity researcher Jeremiah Fowler found an unsecured database with 245,949 records, reported to vpnMentor. It likely belonged to a tax...
Read More
Texas-based Tax Credit Consultancy agency exposed PII, ID Numbers, & SSNs

CVE-2025-25257
Fortinet Addresses Major SQL Injection Flaw in FortiWeb

Fortinet has issued a critical patch for a critical vulnerability in its FortiWeb product, a web application firewall commonly used...
Read More
CVE-2025-25257  Fortinet Addresses Major SQL Injection Flaw in FortiWeb

Microsoft July 2025 Patch Tuesday: One zero-day, 137 flaws

Microsoft's Patch Tuesday in July 2025 is critical, featuring updates for 137 vulnerabilities, including a zero-day in Microsoft SQL Server....
Read More
Microsoft July 2025 Patch Tuesday: One zero-day, 137 flaws

Android malware Anatsa infiltrates Google Play targeting banks worldwide

ThreatFabric researchers have discovered a new sophisticated campaign by the Anatsa banking trojan targeting mobile banking users in the U.S....
Read More
Android malware Anatsa infiltrates Google Play targeting banks worldwide

CVE-2024-40891 is a vulnerability that lets attackers run commands on systems without needing to log in, using accounts like “supervisor” or “zyuser.” This could allow attackers to take control of the system and steal data.

The vulnerability CVE-2024-40891 is similar to CVE-2024-40890, which was an HTTP-based issue, but it uses telnet as the attack vector.

GreyNoise security researchers have confirmed that this vulnerability is being actively exploited. Exploitation attempts appeared shortly after VulnCheck disclosed the vulnerability to select security partners on August 1, 2024.

Zyxel has not yet addressed the vulnerability with an official advisory or firmware update.

Exploitation Observed and Response:

GreyNoise and VulnCheck have been tracking malicious traffic associated with CVE-2024-40891 since January 21, 2025. Exploitation patterns and attacker IPs are now being tracked in real-time. Due to the high volume of attacks, security researchers chose to disclose this information publicly so organizations can act quickly to defend themselves.

This situation highlights the risks of zero-day vulnerabilities, especially in commonly used internet-facing devices like Zyxel’s CPE Series. Attackers can gain full control of affected devices through this flaw, posing a serious risk for organizations that rely on them.

Organizations using Zyxel CPE Series devices should take the following steps immediately:

Network Monitoring: Monitor network traffic for unusual telnet activity on Zyxel CPE management interfaces.
Access Controls: Limit admin access to trusted IP addresses and disable unused remote management features.
Vendor Updates: Keep an eye out for Zyxel security updates and apply them immediately.
EOL Devices: Decommission any devices that are no longer supported to reduce risks.

The cybersecurity community is urging Zyxel to release a patch quickly to address this vulnerability. In the meantime, organizations should take precautions to protect their networks.

Check Also

Splunk Addresses Third-Party Package Vulns in SOAR Versions

Splunk has issued critical security updates for SOAR versions 6.4.0 and 6.4 to fix several …

Leave a Reply

Your email address will not be published. Required fields are marked *