Zyxel Security Advisory: Urgent Need for Device Replacement Due to Critical Vulnerabilities in CPE Series

2025-02-04

Zyxel has recently issued an urgent security advisory regarding vulnerabilities found in its CPE Series devices, which are actively being exploited in the wild. The company has confirmed that it has no plans to patch these flaws and has recommended that users upgrade to newer models. The flaws, discovered by VulnCheck and later confirmed by GreyNoise, expose over 1,500 Zyxel devices to potential attacks. This article dives into the details of these vulnerabilities and provides an analysis of the situation.

The Vulnerabilities

Zyxel’s security advisory concerns two critical flaws affecting its CPE Series devices, which have been found to be actively exploited. The vulnerabilities were first discovered in July 2024 but only gained attention when GreyNoise reported ongoing exploitation attempts. According to network scanning engines, more than 1,500 Zyxel devices remain exposed online, significantly increasing the attack surface.

The flaws are as follows:

  1. CVE-2024-40891: Authenticated users can exploit a Telnet command injection caused by improper command validation in the libcms_cli.so module. Because shell metacharacters in the submitted command are not filtered, attackers can use them to execute arbitrary code on the device.
  2. CVE-2025-0890: Weak default credentials on the devices, such as admin:1234, are left unchanged by many users, leaving systems vulnerable. The supervisor account holds hidden privileges, so anyone who logs in with it gains full system access.
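The root cause named for CVE-2024-40891, a command string passed to a shell without validation, is a general pattern in embedded CLI handlers. The following is an added illustration written for this article; it is not Zyxel's code, not the contents of libcms_cli.so, and not VulnCheck's proof of concept. It assumes a hypothetical handler that pings a user-supplied host, shows the fragile `system()`-based form beside a hardened form that allowlists the argument and executes the binary directly without a shell, and includes constructed sample inputs.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Hypothetical vulnerable pattern: the host string is spliced into a shell
 * command line, so characters such as ; | ` $ ( ) are interpreted by the
 * shell rather than treated as part of the hostname. */
static int ping_vulnerable(const char *host) {
    char cmd[256];
    snprintf(cmd, sizeof cmd, "ping -c 1 %s", host);
    return system(cmd);
}

/* Hardened step 1: strict allowlist for what a hostname may contain.
 * Returns 1 if the string is acceptable, 0 otherwise. */
int is_safe_hostname(const char *s) {
    size_t n = strlen(s);
    if (n == 0 || n > 253)          /* empty or longer than a DNS name */
        return 0;
    if (s[0] == '-')                /* would be parsed as an option by ping */
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!(isalnum(c) || c == '.' || c == '-'))
            return 0;               /* rejects every shell metacharacter */
    }
    return 1;
}

/* Hardened step 2: run the binary with an argument vector, never a shell.
 * Returns the child's exit status, or -1 if the input was rejected or the
 * process could not be run. */
int ping_hardened(const char *host) {
    if (!is_safe_hostname(host))
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execlp("ping", "ping", "-c", "1", host, (char *)NULL);
        _exit(127);                 /* exec failed */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    /* Constructed sample inputs: one benign hostname, two that carry shell
     * metacharacters, one that looks like an option. */
    const char *samples[] = { "example.com", "example.com; id", "$(id)", "-h" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-18s -> %s\n", samples[i],
               is_safe_hostname(samples[i]) ? "accepted" : "rejected");
    (void)ping_vulnerable;          /* shown for contrast only; never called */
    return 0;
}
```

The allowlist is deliberately narrower than what a shell would misinterpret: rejecting everything outside `[A-Za-z0-9.-]` is easier to reason about than enumerating dangerous characters, and the direct `execlp` call means that even a missed character can no longer reach a shell parser.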

VulnCheck published the full exploitation details, including a proof of concept for one of the affected devices. Despite these devices being out of support for years, they remain widely used and continue to attract malicious attention.

What Undercode Says: Analyzing the Situation

The issue presented by Zyxel is a critical reminder of the persistent risks associated with legacy technology and the importance of timely device replacements. The fact that over 1,500 Zyxel devices are still exposed to the internet is alarming, especially given that the company no longer supports many of the affected models. With hackers increasingly targeting such vulnerabilities, the need for users to upgrade their devices has never been more pressing.

This vulnerability also highlights broader issues related to cybersecurity hygiene, such as the failure to change default credentials. While it might seem like a basic precaution, many users neglect to update these credentials, creating an easy entry point for attackers. In the case of Zyxel, the supervisor account’s hidden privileges mean that even a relatively low-level breach could result in full system control.

Furthermore, the use of outdated hardware and unsupported software is an ongoing challenge in the cybersecurity landscape. Companies often fail to recognize the risks posed by old devices and systems that continue to operate in production environments. It’s clear from the VulnCheck findings that these vulnerabilities are not just theoretical—exploitation attempts have already been observed in the wild. This underscores the importance of proactive security measures and timely updates.

Zyxel’s response, which suggests that users replace the affected devices with newer-generation models, is in line with standard best practices in the industry. However, the lack of patching or updates for legacy products may leave many users in a difficult position, especially those who rely on these devices for critical network functions. As attackers continue to refine their techniques, the continued use of unsupported devices puts organizations at a heightened risk.

In an era where cyberattacks are more sophisticated and widespread than ever, it is essential for businesses to keep their systems up to date. The failure to do so not only compromises the security of individual networks but also contributes to a broader risk to global cybersecurity.

Zyxel’s statement that it had requested a detailed report from VulnCheck in July but never received it raises concerns about the communication between security researchers and vendors. This incident highlights the importance of collaboration and transparency in the cybersecurity field. Timely disclosure of vulnerabilities and cooperative efforts between vendors and independent researchers can mitigate potential damage and improve overall system security.

The vulnerabilities in question, coupled with

To sum up, the situation with

References:

Reported By: https://www.bleepingcomputer.com/news/security/zyxel-wont-patch-newly-exploited-flaws-in-end-of-life-routers/