Summary: A new critical command injection vulnerability, tracked as CVE-2024-40891, affects Zyxel CPE Series devices, allowing attackers to execute arbitrary commands, resulting in potential system compromise and data breaches. The vulnerability has been linked to a variant of the Mirai botnet, with active exploitation attempts being observed. Immediate monitoring and mitigation are advised for affected organizations.
Affected: Zyxel CPE Series devices
Keypoints:
- Active exploitation of CVE-2024-40891 is occurring, with over 1,500 vulnerable devices identified online.
- The vulnerability is telnet-based and allows unauthenticated attackers to execute arbitrary commands.
- Immediate recommendations include network monitoring for unusual telnet requests, patch readiness, and restricting administrative access to trusted IPs.
Source: https://www.greynoise.io/blog/active-exploitation-of-zero-day-zyxel-cpe-vulnerability-cve-2024-40891
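
One way to act on the monitoring and access-restriction recommendations above is to check firewall logs for telnet sessions that reach CPE management addresses from outside the trusted admin ranges. This is an added example, not code from the source article; the log format, the addresses, the trusted ranges and the use of TCP port 23 as the telnet port are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed values for this example (documentation ranges, not from the article).
TRUSTED_ADMIN_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "192.0.2.10/32")]
CPE_MGMT_ADDRS = {ipaddress.ip_address(a) for a in ("198.51.100.7", "198.51.100.8")}
TELNET_PORTS = {23}  # add any non-default port the devices expose telnet on

# Constructed sample log, fields: timestamp src dst proto dst_port action
SAMPLE_LOG = """\
2025-01-29T10:00:01Z 10.20.0.15 198.51.100.7 tcp 23 allow
2025-01-29T10:00:05Z 203.0.113.44 198.51.100.7 tcp 23 allow
2025-01-29T10:00:09Z 203.0.113.44 198.51.100.8 tcp 443 allow
2025-01-29T10:00:12Z 203.0.113.99 198.51.100.8 tcp 23 deny
malformed line here
2025-01-29T10:00:20Z 203.0.113.44 198.51.100.8 tcp 23 allow
"""

def find_untrusted_telnet(log_text):
    """Return telnet connections to CPE devices whose source is not a trusted admin IP."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip malformed records instead of failing the whole run
        ts, src, dst, proto, port, action = parts
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port_no = int(port)
        except ValueError:
            continue
        if proto != "tcp" or port_no not in TELNET_PORTS or dst_ip not in CPE_MGMT_ADDRS:
            continue
        if any(src_ip in net for net in TRUSTED_ADMIN_NETS):
            continue
        findings.append({"time": ts, "src": src, "dst": dst, "allowed": action == "allow"})
    return findings

def summarize(findings):
    """Per source: total attempts and how many the firewall let through."""
    summary = defaultdict(lambda: {"attempts": 0, "allowed": 0})
    for f in findings:
        summary[f["src"]]["attempts"] += 1
        summary[f["src"]]["allowed"] += int(f["allowed"])
    return dict(summary)

if __name__ == "__main__":
    for src, s in summarize(find_untrusted_telnet(SAMPLE_LOG)).items():
        print(f"{src}: {s['attempts']} telnet attempts, {s['allowed']} allowed")
```

Any source with a non-zero `allowed` count means telnet on the device was reachable from an untrusted address, so the access restriction is not in effect for that path.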