- Security researchers warn about two Zyxel flaws that are being exploited in the wild
- The manufacturer confirmed the findings, but said the devices are no longer supported.
- Users are advised to migrate to newer models.
Zyxel has acknowledged a series of security problems in some of its most popular routers, but says it will not release any patches because the devices have reached their end of life.
Security researchers first discovered two vulnerabilities in several internet-connected Zyxel devices in the summer of 2024, and warned earlier this month that the flaws are being exploited in the wild.
In a recently published security advisory, the Taiwanese network equipment manufacturer acknowledged the flaws and the fact that they are being exploited in the wild, but emphasized that the vulnerable devices have passed their end-of-life date and are therefore no longer supported. Instead, users must migrate to newer devices that are still supported.
Wide attack surface
The two vulnerabilities are tracked as CVE-2024-40891 (improper command validation) and CVE-2025-0890 (weak default credentials).
“Zyxel recently became aware that CVE-2024-40890 and CVE-2024-40891 were mentioned in a post on GreyNoise’s blog.
In addition, VulnCheck informed us that they will publish the technical details about CVE-2024-40891 and CVE-2025-0890 on their blog. We have confirmed that the affected models reported by VulnCheck, VMG1312-B10A, VMG1312-B10B, VMG1312-B10E, VMG3312-B10A, VMG3313-B10A, VMG3926-B10B, VMG4325-B10A, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, SBG3300 and SBG3500, are legacy products that have reached end of life (EOL) for years.
Therefore, we strongly recommend that users replace them with newer-generation products for optimal protection,” Zyxel said in the advisory.
In its article, BleepingComputer says that both FOFA and Censys show more than 1,500 Zyxel CPE Series devices exposed to the internet, which suggests that the attack surface is “significant.” At the same time, VulnCheck also shared a proof of concept (PoC) against the VMG4325-B10A running firmware 1.00 (Aafr.4) c0_20170615, which shows that the attack is more than merely theoretical.
“While these systems are older and seemingly long out of support, they are still very relevant due to their continued use throughout the world and the sustained interest of attackers,” said VulnCheck. “The fact that attackers continue to actively exploit these routers underlines the need for attention, since understanding real-world attacks is essential for effective security research.”