VulnCheck has uncovered vulnerabilities in several Zyxel Customer Premises Equipment (CPE) routers that allow unauthenticated code execution through the devices' Telnet service. Exploitation is already ongoing in the wild, which makes the issue urgent even though the routers are out of support and a vendor fix should not be counted on.
Affected: Zyxel CPE routers (VMG1312-B10A, VMG1312-B10B, VMG1312-B10E, etc.)
Keypoints :
- VulnCheck discovered vulnerabilities in Zyxel CPE routers leading to unauthenticated code execution.
- Attackers are actively exploiting these vulnerabilities as confirmed by GreyNoise.
- Approximately 1,500 Zyxel devices with internet-facing Telnet interfaces are currently vulnerable.
- Some affected models are still available for purchase online despite being end-of-life.
- The core flaw is unauthenticated command injection reachable over Telnet; the injection is present in several of the Telnet interface's commands rather than in a single one.
- Vulnerabilities were assigned CVE identifiers, including CVE-2024-40891 for command injection.
- Default credentials on the devices lower the bar further: an attacker who can reach the Telnet service does not need to obtain valid credentials before exploiting the injection.
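The exposure described in the points above (Telnet reachable from the internet, a login prompt that accepts default credentials) is something an operator can check across their own address space before anything else. The script below is an added example, not code from VulnCheck, Zyxel or the original article: it connects to port 23, strips Telnet option negotiation from whatever the service sends, and reports whether a login prompt is presented. It sends no credentials and no payloads. The login-prompt markers and the loopback stand-in device are assumptions for illustration; point `probe_telnet` only at addresses you are authorised to test.

```python
"""Telnet exposure triage for CPE routers (added example, not VulnCheck tooling).

Answers the first question an operator needs answered: which addresses
still expose Telnet (port 23), and does the service present a login
prompt? Nothing is authenticated and nothing is injected.
"""
import socket
import threading

# Telnet protocol bytes (RFC 854).
IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240

# Prompt strings to look for. Assumed here; adjust to what the firmware
# on your own devices actually prints.
LOGIN_MARKERS = (b"login:", b"username:", b"password:")


def strip_telnet_negotiation(data: bytes) -> bytes:
    """Drop IAC option negotiation so only the printable banner remains."""
    out = bytearray()
    i = 0
    while i < len(data):
        b = data[i]
        if b != IAC:
            out.append(b)
            i += 1
            continue
        if i + 1 >= len(data):          # dangling IAC at end of buffer
            break
        cmd = data[i + 1]
        if cmd == IAC:                  # IAC IAC is an escaped 0xff data byte
            out.append(IAC)
            i += 2
        elif cmd in (DO, DONT, WILL, WONT):
            i += 3                      # IAC <cmd> <option>
        elif cmd == SB:                 # sub-negotiation runs until IAC SE
            end = data.find(bytes([IAC, SE]), i + 2)
            i = len(data) if end == -1 else end + 2
        else:
            i += 2                      # two-byte command such as IAC GA
    return bytes(out)


def classify_banner(raw: bytes) -> dict:
    """Turn the bytes read from port 23 into a triage verdict."""
    banner = strip_telnet_negotiation(raw)
    lowered = banner.lower()
    prompt = any(marker in lowered for marker in LOGIN_MARKERS)
    return {
        "banner": banner.decode("ascii", errors="replace").strip(),
        "login_prompt": prompt,
        # Reachable Telnet that offers a login is the condition the advisory
        # warns about: the service is exposed and will take credentials.
        "verdict": "EXPOSED" if prompt else "PORT_OPEN_NO_PROMPT",
    }


def probe_telnet(host: str, port: int = 23, timeout: float = 3.0) -> dict:
    """Connect, read what the service volunteers, classify it."""
    result = {"host": host, "port": port, "open": False}
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            result["open"] = True
            s.settimeout(timeout)
            raw = b""
            # Read twice: devices often send negotiation first and the
            # prompt in a second segment.
            for _ in range(2):
                try:
                    chunk = s.recv(1024)
                except socket.timeout:
                    break
                if not chunk:
                    break
                raw += chunk
            result.update(classify_banner(raw))
    except OSError as exc:
        result["error"] = str(exc)
        result["verdict"] = "CLOSED_OR_FILTERED"
    return result


def _fake_cpe_server() -> tuple:
    """Loopback stand-in for a CPE Telnet service so the script runs offline.
    The banner bytes are constructed, not captured from a real device."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        conn.sendall(b"\xff\xfd\x01\xff\xfb\x01")   # IAC DO ECHO, IAC WILL ECHO
        conn.sendall(b"\r\nLogin: ")
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()


if __name__ == "__main__":
    host, port = _fake_cpe_server()
    print(probe_telnet(host, port))
```

Feed `probe_telnet` the WAN addresses from your CPE inventory and treat every `EXPOSED` result as a device that needs Telnet disabled or filtered at the edge and, given the end-of-life status, scheduled for replacement. The negotiation stripping matters in practice: a raw banner match on `Login:` misses devices whose first bytes are option negotiation.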
MITRE Techniques :
- Application Layer Protocol (T1071), under the Command and Control tactic: the exposed Telnet service is the channel through which a compromised device is reached and driven.
- Exploitation for Client Execution (T1203): arbitrary command execution through the command-injection flaw. Because the flaw sits in a network-facing service rather than client software, Exploit Public-Facing Application (T1190) is the closer mapping, and the default-credential issue corresponds to Valid Accounts: Default Accounts (T1078.001).
Indicator of Compromise :
- No IoCs found
Full Story: https://vulncheck.com/blog/zyxel-telnet-vulns