Security News > 2025 > January > Hackers exploit critical unpatched flaw in Zyxel CPE devices
2025-01-29 14:42
Hackers are exploiting a critical command injection vulnerability in Zyxel CPE Series devices that is currently tracked as CVE-2024-40891 and remains unpatched since last July. [...]
News URL
Related news
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Hackers exploit KerioControl firewall flaw to steal admin CSRF tokens (source)
- Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners (source)
- Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet (source)
- Hackers exploit 16 zero-days on first day of Pwn2Own Automotive 2025 (source)
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
- Hackers exploit SimpleHelp RMM flaws to deploy Sliver malware (source)
- Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers (source)
- XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells (source)
- Hackers Exploit Google Tag Manager to Deploy Credit Card Skimmers on Magento Stores (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-04 | CVE-2024-40891 | OS Command Injection vulnerability in Zyxel products **UNSUPPORTED WHEN ASSIGNED** A post-authentication command injection vulnerability in the management commands of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an authenticated attacker to execute operating system (OS) commands on an affected device via Telnet. | 8.8 |