Imagine discovering that a critical vulnerability exists in your network’s CPE device, which not only poses a security threat but also has not yet been patched by the manufacturer, putting your system at immediate risk. This scenario is a reality for many Zyxel customers today due to a serious command-injection vulnerability identified as CVE-2024-40891, affecting Zyxel CPE Series devices. This flaw was discovered and reported by VulnCheck, a vulnerability intelligence group, back in July, but Zyxel has yet to release a patch or even acknowledge the issue publicly.
This particular vulnerability, if exploited, can enable threat actors to run arbitrary commands, which could potentially compromise entire systems, infiltrate networks, and cause severe data breaches. GreyNoise researchers, in collaboration with VulnCheck, decided to disclose this vulnerability due to the high volume of observed attacks targeting these specific devices. This vulnerability bears similarities to CVE-2024-40890, the main difference being one is telnet-based and the other HTTP-based, yet both allow unauthenticated attackers to exploit service accounts to execute commands.
The fact that no patch has been released is all the more worrying when considering that over 1,500 devices online remain vulnerable. To complicate matters, botnet operators have already encoded exploits for this particular flaw into certain strains of Mirai, a notorious malware strain. GreyNoise researchers noted a significant overlap between IP addresses linked to Mirai and those exploiting CVE-2024-40891, further highlighting the vulnerability’s exploitation in the wild.
Given that Zyxel has been unresponsive, GreyNoise has issued several recommendations to help mitigate the risks. Users are urged to monitor their network traffic vigilantly for uncommon requests directed towards Zyxel CPE management interfaces. Following Zyxel’s security updates closely is crucial. Further steps include restricting administrative access to trusted IP addresses and disabling any unused remote management features to minimize potential entry points for attackers.
In summary, the delay in addressing this vulnerability by Zyxel has raised significant concern among users and security experts. While the collaborative efforts between VulnCheck and GreyNoise in disclosing this vulnerability aim to raise awareness, it is crucial for users to take immediate action by following the outlined recommendations. Until Zyxel releases a fix, proactive measures are essential to safeguard your network against potential exploits trying to take advantage of this critical vulnerability.