Researchers have identified a critical zero-day vulnerability (CVE-2024-40891) affecting Zyxel CPE Series devices that is currently being exploited in the wild. Attackers can execute arbitrary commands on affected devices, risking full system compromise and data theft. The vulnerability has not been disclosed publicly or patched, and most attack attempts have been traced back to Taiwan. Security experts recommend filtering suspicious HTTP requests and limiting access to administrative interfaces. This vulnerability is Telnet-based, unlike the similar CVE-2024-40890, which is HTTP-based. Users are urged to take precautionary measures until a patch is made available.
Attackers can leverage this vulnerability to execute arbitrary commands on affected devices, leading to complete system compromise, data exfiltration, or network infiltration.
CVE-2024-40891 is very similar to CVE-2024-40890, with the main difference being that the former is Telnet-based while the latter is HTTP-based.
Users are advised to filter traffic for unusual HTTP requests to Zyxel CPE management interfaces and restrict administrative interface access to trusted IPs.
Statistics gathered by the threat intelligence firm show that attack attempts have originated from dozens of IP addresses, with a majority of them located in Taiwan.
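The two mitigations above (watch for unusual requests to the CPE management interfaces, and restrict administrative access to trusted IPs) can be put into practice at a firewall in front of the CPE. The following is an added example, not code from the original article or from Zyxel: it parses constructed netfilter-style accept logs, flags Telnet/HTTP management-port connections from sources outside a trusted allowlist, counts how many distinct sources are probing, and emits nftables allowlist rules for a Linux host that fronts the CPE. The trusted ranges, the log format and the HTTPS port are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Management services the article names: Telnet (CVE-2024-40891) and HTTP (CVE-2024-40890).
# HTTPS on 443 is added as an assumption, since web management commonly runs there too.
MGMT_PORTS = {23: "telnet", 80: "http", 443: "https"}

# Trusted management sources. Placeholder documentation ranges; substitute your own.
TRUSTED = [ipaddress.ip_network("192.0.2.0/24"), ipaddress.ip_network("198.51.100.10/32")]

# Constructed netfilter-style accept records (not captured data); DST is the CPE WAN address.
SAMPLE_LOG = """\
Jan 30 10:01:02 fw kernel: ACCEPT SRC=192.0.2.15 DST=203.0.113.5 PROTO=TCP SPT=50311 DPT=443
Jan 30 10:01:09 fw kernel: ACCEPT SRC=203.0.113.77 DST=203.0.113.5 PROTO=TCP SPT=41022 DPT=23
Jan 30 10:01:11 fw kernel: ACCEPT SRC=203.0.113.77 DST=203.0.113.5 PROTO=TCP SPT=41023 DPT=80
Jan 30 10:01:15 fw kernel: ACCEPT SRC=203.0.113.88 DST=203.0.113.5 PROTO=TCP SPT=39001 DPT=23
Jan 30 10:01:20 fw kernel: ACCEPT SRC=198.51.100.10 DST=203.0.113.5 PROTO=TCP SPT=55000 DPT=80
Jan 30 10:01:25 fw kernel: ACCEPT SRC=203.0.113.99 DST=203.0.113.5 PROTO=TCP SPT=40100 DPT=8080
"""

LOG_RE = re.compile(r"SRC=(?P<src>[\d.]+) DST=[\d.]+ PROTO=TCP .*?DPT=(?P<dpt>\d+)")


def is_trusted(src):
    """True if the source address falls inside one of the trusted management networks."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in TRUSTED)


def untrusted_mgmt_access(log_text):
    """Return (source_ip, service) for every management-port hit from outside TRUSTED."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if m is None:
            continue  # not a connection record
        port = int(m.group("dpt"))
        if port in MGMT_PORTS and not is_trusted(m.group("src")):
            hits.append((m.group("src"), MGMT_PORTS[port]))
    return hits


def hits_per_source(hits):
    """Count untrusted hits per source IP, showing how many distinct sources are probing."""
    return Counter(src for src, _ in hits)


def nft_allowlist_rules(trusted=TRUSTED, ports=MGMT_PORTS):
    """nftables rules for a Linux firewall in front of the CPE (assumes table inet filter, chain input)."""
    nets = ", ".join(str(n) for n in trusted)
    dports = ", ".join(str(p) for p in sorted(ports))
    return [f"add rule inet filter input tcp dport {{ {dports} }} ip saddr {{ {nets} }} accept",
            f"add rule inet filter input tcp dport {{ {dports} }} drop"]
```

Applying the two generated rules with `nft -f` (after the table and chain exist) leaves management ports reachable only from the trusted ranges, while the parser gives a per-source view of anything that got through before the rules were in place.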