New Zyxel Zero-Day Under Attack, No Patch Available
Posted: Thu Jan 30, 2025 1:47 am
Malware hunters at GreyNoise are reporting active exploitation of a newly discovered zero-day vulnerability in Zyxel CPE devices alongside warnings that there are no patches available from the vendor.
GreyNoise, which monitors the internet for malicious activity, described the flaw as a critical command injection issue that opens the door for attackers to gain full system compromise.
The company is tracking the issue as CVE-2024-40891 and cautions that, according to data from Censys, there are more than 1,500 devices currently exposed to exploitation.
[...]
New Zyxel Zero-Day Under Attack, No Patch Available
GreyNoise, which monitors the internet for malicious activity, described the flaw as a critical command injection issue that opens the door for attackers to gain full system compromise.
The company is tracking the issue as CVE-2024-40891 and cautions that, according to data from Censys, there are more than 1,500 devices currently exposed to exploitation.
[...]
New Zyxel Zero-Day Under Attack, No Patch Available