CVERadar

CVE-2024-40891

Severity: High
Vendor: Zyxel
SVRS: 40/100
CVSSv3: NA/10
EPSS: 0.43021/1

CVE-2024-40891: a command injection vulnerability in the Zyxel VMG4325-B10A DSL CPE. It allows authenticated attackers to execute operating system commands via Telnet. The flaw lies in the management commands of the legacy DSL CPE firmware version 1.00(AAFR.4)C0_20170615.

Although CVE-2024-40891 has a relatively low SVRS of 40, it should not be ignored: active exploits are available, posing a serious security risk, and successful exploitation grants an attacker full control of the affected device. The vulnerability is significant because, despite its age, vulnerable devices may still be in use, giving attackers seeking to compromise networks an easy target. Immediate patching is needed to mitigate the threat.

Tags: In The Wild, Vendor-advisory, CISA KEV, Exploit Available
2025-02-04
2025-02-12

SOCRadar AI Insight

Description

CVE-2024-40891 describes a post-authentication command injection vulnerability in the management commands of Zyxel VMG4325-B10A DSL CPE firmware version 1.00(AAFR.4)C0_20170615. This vulnerability allows an authenticated attacker to execute arbitrary OS commands on the affected device via Telnet. The SVRS for this vulnerability is 40, indicating a moderate risk level.

Key Insights

  • Remote Code Execution: The vulnerability allows an attacker with valid credentials to execute arbitrary commands on the affected device. This grants the attacker the ability to take control of the device, steal sensitive data, install malware, or even launch further attacks against other systems.
  • Telnet Access: The vulnerability is specifically triggered through Telnet access. While Telnet is often considered insecure and should ideally be disabled, it is still used by some systems and devices.
  • Legacy Firmware: The affected firmware version is 1.00(AAFR.4)C0_20170615, released in 2017. This indicates that the vulnerability affects older devices, which may no longer be supported by the vendor.
  • In The Wild: This vulnerability is actively exploited by hackers.

Mitigation Strategies

  • Firmware Update: The most effective mitigation is to upgrade the affected devices to the latest firmware version. The vendor may have released patches to address this vulnerability.
  • Disable Telnet: Disable Telnet access on the affected devices to prevent exploitation through this protocol.
  • Network Segmentation: Segmenting the network limits the impact of a compromise. Even if an attacker gains control of the affected device, segmentation makes it unlikely that they can reach other critical systems.
  • Multi-Factor Authentication (MFA): Implement MFA on the device management interface to make it more difficult for attackers to authenticate.

Additional Information

This CVE is a significant security risk, especially considering it is actively being exploited "in the wild". Users should take immediate action to mitigate this vulnerability. If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

Title: Zyxel DSL CPE OS Command Injection Vulnerability
Software Link: https://www.cisa.gov/search?g=CVE-2024-40891
Date: 2025-02-11

News

Flashpoint Weekly Vulnerability Insights and Prioritization Report
Flashpoint Intel Team, 2025-05-01, flashpoint-intel.com
Anticipate, contextualize, and prioritize vulnerabilities to effectively address threats to your organization.
Tags: rss, forum, news
Data Breaches Digest - Week 6 2025
Dunkie ([email protected]), 2025-04-01
Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 3rd February and 9th February 2025.
Tags: healthcare, insurance, gaming, finance
Daily Summary - 29.01.2025
CERT.at, 2025-03-01, cert.at
End-of-Day report. Timeframe: Tuesday 28-01-2025 18:00 - Wednesday 29-01-2025 18:00. Handler: Alexander Riepl. Co-Handler: n/a. News: Threat predictions for industrial enterprises 2025. Kaspersky ICS CERT analyzes industrial threat trends and makes forecasts on how the industrial threat landscape will look in 2025. https://securelist.com/industrial-threat-predictions-2025/115327/ ExxonMobil Lobbyist Caught Hacking Climate Activists
Tags: rss, forum, news
Data Breaches Digest - Week 5 2025
Dunkie ([email protected]), 2025-03-01, dbdigest.com
Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 27th January and 2nd February 2025.
Tags: rss, forum, news
U.S. CISA adds Microsoft Windows, Zyxel device flaws to its Known Exploited Vulnerabilities catalog
Pierluigi Paganini, 2025-02-12, securityaffairs.co
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Windows, Zyxel device flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: The vulnerability CVE-2024-40891 is a command injection issue in Zyxel CPE Series devices that remains unpatched and has not yet [...]
Tags: rss, forum, news
CISA Adds Four Known Exploited Vulnerabilities to Catalog
CISA, 2025-02-11, cisa.gov
CISA has added four vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. (CVE record: https://www.cve.org/CVERecord?id=CVE-2024-40891)
Tags: rss, forum, news
There will be no patches for EOL Zyxel routers under attack via CVE-2024-40891
/u/boom_bloom, 2025-02-05, reddit.com
Submitted by /u/boom_bloom
Tags: rss, forum, news

Social Media

  • Zyxel CPE Devices Face Active Exploitation Due to Unpatched CVE-2024-40891 Vulnerability #CISO https://t.co/C8CKzWLhRp https://t.co/x7IjQI7Qbc
  • #Vulnerability #CVE202440891 Zyxel Routers Under Attack: Default Credentials (CVE-2025-0890) and Code Injection (CVE-2024-40891), No Patch! https://t.co/21MewHLDs3
  • Actively exploited CVE : CVE-2024-40891
  • New post from https://t.co/uXvPWJy6tj (CVE-2024-40891 | Zyxel VMG4325-B10A up to 1.00(AAFR.4)C0_20170615 os command injection) has been published on https://t.co/2ZecEWPYgW
  • Zyxel Routers Under Attack: Default Credentials (CVE-2025-0890) and Code Injection (CVE-2024-40891), No Patch! https://t.co/WeNxbsj9xR
  • 🗣 Zyxel Routers Under Attack: Default Credentials (CVE-2025-0890) and Code Injection (CVE-2024-40891), No Patch! https://t.co/TOTWzWSbQS
  • Zyxel Routers Under Attack: Default Credentials (CVE-2025-0890) and Code Injection (CVE-2024-40891), No Patch! Critical vulnerabilities found in Zyxel routers! Learn how CVE-2025-0890 allows attackers to execute code and gain full control over devices https://t.co/iRVm0SYjYd
  • #Zyxel CPE Devices Face Active Exploitation Due to Unpatched CVE-2024-40891 Vulnerability https://t.co/dYfEtN5Jk9 via @TheHackersNews #exploit #CVE #endoflife
  • [HelpNet] Swap EOL Zyxel routers, upgrade Netgear ones! There will be no patches for EOL Zyxel routers under attack via CVE-2024-40891, the company has confirmed. Meanwhile, Netgear has issued patches for critical flaws affecting its routers and... https://t.co/oe5jWyui6Q
  • How to Mitigate CVE-2024-40891- Critical Vulnerability in Tenda AC8 Router Security https://t.co/EK6f9OzWIk https://t.co/xkvD2Waj7W

Affected Software

Configuration   Type   Vendor   Product
1               OS     Zyxel    vmg1312-b10a_firmware
2               OS     Zyxel    vmg1312-b10b_firmware
3               OS     Zyxel    vmg1312-b10e_firmware
4               OS     Zyxel    vmg3312-b10a_firmware
5               OS     Zyxel    vmg3313-b10a_firmware
6               OS     Zyxel    vmg3926-b10b_firmware
7               OS     Zyxel    vmg4325-b10a_firmware
8               OS     Zyxel    vmg4380-b10a_firmware
9               OS     Zyxel    vmg8324-b10a_firmware
10              OS     Zyxel    vmg8924-b10a_firmware
11              OS     Zyxel    sbg3300-n000_firmware
12              OS     Zyxel    sbg3300-nb00_firmware
13              OS     Zyxel    sbg3500-n000_firmware
14              OS     Zyxel    sbg3500-nb00_firmware

References

Reference: [email protected]
Link: https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-insecure-default-credentials-vulnerabilities-in-certain-legacy-dsl-cpe-02-04-2025

CWE Details

CWE ID: CWE-78
CWE Name: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Description: The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
