2025-02-06
Zyxel, a Taiwanese networking equipment manufacturer, has announced that it will not be releasing patches for two serious zero-day vulnerabilities affecting multiple legacy DSL CPE products. This warning follows a report from threat intelligence firm GreyNoise, which revealed that over 1,500 devices are at risk of being compromised through a critical command injection vulnerability. The flaw has been exploited by a variant of the Mirai botnet, which is actively targeting these devices. Zyxel confirmed that the impacted models, which include several older DSL CPEs, will not receive any patches due to their age and discontinued support.
Summary:
Zyxel disclosed on Tuesday that two zero-day vulnerabilities (CVE-2024-40891 and CVE-2024-40890) affecting its legacy DSL CPE products will not be patched. These flaws, which allow attackers to execute arbitrary commands on vulnerable devices, have been actively exploited by a Mirai-based botnet. Zyxel confirmed that several DSL CPE models, including VMG1312-B10A, VMG3312-B10A, and VMG8324-B10A, are affected. Despite these critical vulnerabilities, Zyxel is not offering patches due to the legacy nature of the devices. Another vulnerability, CVE-2025-0890, was also identified, which enables attackers to log into devices using default credentials. Zyxel recommends that customers replace these devices with newer models for better protection.
What Undercode Says:
Zyxel’s decision not to patch these vulnerabilities in legacy devices underscores a critical issue that often gets overlooked in the realm of cybersecurity: the risks associated with aging and unsupported hardware. While Zyxel’s stance is consistent with industry practices regarding the end-of-life (EOL) of products, it leaves thousands of vulnerable devices exposed to attackers. This is particularly concerning when combined with the known exploitation of these vulnerabilities by botnets like Mirai.
The vulnerabilities CVE-2024-40891 and CVE-2024-40890 allow attackers to execute arbitrary commands on affected devices, leading to potential system compromise, data exfiltration, and full network takeover. This kind of exploitation represents a severe threat to any organization still relying on these devices for their network infrastructure. Furthermore, the hardcoded accounts and the potential for remote code execution highlight just how deeply insecure some legacy products can be, especially when paired with default configurations that are often never changed by end-users.
From an analytical perspective, the decision by Zyxel not to patch these flaws could be viewed as a cost-saving measure, which may be reasonable from a business standpoint, but it fails to address the ongoing security needs of users who may still be running these devices. In a perfect world, companies would provide support and patches for a longer period, especially given that many of these devices still remain in service. The absence of updates from Zyxel places a burden on the end-users, who must either bear the cost of upgrading to newer equipment or risk continued exposure to cyber threats.
The Mirai botnet’s incorporation of the CVE-2024-40891 vulnerability is a notable shift in the botnet’s targeting behavior. Traditionally associated with IoT devices, Mirai’s evolving capabilities show that cybercriminals are increasingly broadening their scope, targeting not just consumer-grade devices but also legacy networking equipment still in use by businesses and consumers. This shift emphasizes the need for a more proactive stance on device management and patching, particularly as new vulnerabilities are continuously discovered.
Moreover, the widespread presence of default credentials such as ‘admin’ and ‘supervisor’ in these devices is a clear indication of poor security practices that continue to plague the industry. Default credentials are often overlooked by users who fail to change them, leaving devices susceptible to attacks. Zyxel’s decision not to release patches for CVE-2025-0890, which involves these hardcoded accounts, further highlights the vulnerability of these systems.
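The two points above that a defender can act on immediately are the affected model list and the default account names. The following is an added example, not code from Zyxel, GreyNoise or the SecurityWeek report: a small triage script that takes an asset inventory and management-login records, flags devices that match the advisory's unpatchable models, and reports any logins to those devices under the default account names from outside the organisation's own management networks. The inventory records, the syslog-style log lines and their format, and the management network range are all constructed assumptions for the example; the model names, CVE identifiers and account names come from the article.

```python
"""Exposure triage for the Zyxel DSL CPE advisory.

Added example; not Zyxel's, GreyNoise's or SecurityWeek's code. Inventory
records, log lines, log format and the management network are constructed
for this example. Model names, CVEs and default account names are taken
from the advisory text.
"""
import ipaddress
import re
from dataclasses import dataclass, field

# Models the advisory names as affected and end-of-life (from the article).
AFFECTED_MODELS = {"VMG1312-B10A", "VMG3312-B10A", "VMG8324-B10A"}

# Default account names the advisory says remain usable (CVE-2025-0890).
DEFAULT_ACCOUNTS = {"admin", "supervisor"}

# Unpatched CVEs to report per affected device (from the article).
UNPATCHED_CVES = ("CVE-2024-40891", "CVE-2024-40890", "CVE-2025-0890")

# Assumption: the organisation's management network. Logins from outside
# this range are treated as untrusted.
MGMT_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed inventory: (hostname, vendor, model, management IP).
INVENTORY = [
    ("branch-dsl-01", "Zyxel", "VMG1312-B10A", "10.20.0.1"),
    ("branch-dsl-02", "Zyxel", "VMG8324-B10A", "10.21.0.1"),
    ("hq-edge", "Zyxel", "OTHER-MODEL", "10.0.0.1"),   # not on the affected list
    ("lab-switch", "OtherVendor", "XY-1", "10.99.0.1"),
]

# Constructed syslog-style login records; the format is an assumption.
AUTH_LOG = """\
<134>Feb  6 02:14:07 branch-dsl-01 login: user admin logged in from 203.0.113.45
<134>Feb  6 02:14:09 branch-dsl-01 login: user supervisor logged in from 203.0.113.45
<134>Feb  6 08:30:11 branch-dsl-02 login: user netops logged in from 10.21.0.50
<134>Feb  6 09:02:55 hq-edge login: user admin logged in from 10.0.0.7
"""

LOGIN_RE = re.compile(
    r"^<\d+>\w{3}\s+\d+ \d{2}:\d{2}:\d{2} (?P<host>\S+) login: "
    r"user (?P<user>\S+) logged in from (?P<src>\d+\.\d+\.\d+\.\d+)$"
)


@dataclass
class Finding:
    host: str
    model: str
    cves: tuple
    # (account, source IP) pairs for default-account logins from outside MGMT_NETS
    default_account_logins: list = field(default_factory=list)


def affected_devices(inventory):
    """Map hostname -> model for Zyxel devices on the advisory's affected list."""
    return {h: m for h, v, m, _ in inventory if v == "Zyxel" and m in AFFECTED_MODELS}


def is_trusted_source(src):
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in MGMT_NETS)


def default_account_logins(log_text, hosts):
    """Return (host, user, src) for logins to `hosts` that used a default
    account name and came from outside the management networks."""
    hits = []
    for line in log_text.splitlines():
        m = LOGIN_RE.match(line)
        if not m or m["host"] not in hosts:
            continue
        if m["user"] not in DEFAULT_ACCOUNTS or is_trusted_source(m["src"]):
            continue
        hits.append((m["host"], m["user"], m["src"]))
    return hits


def triage(inventory, log_text):
    """Return hostname -> Finding for every affected device, with any
    untrusted default-account logins attached."""
    affected = affected_devices(inventory)
    findings = {h: Finding(h, m, UNPATCHED_CVES) for h, m in affected.items()}
    for host, user, src in default_account_logins(log_text, set(affected)):
        findings[host].default_account_logins.append((user, src))
    return findings


if __name__ == "__main__":
    for f in triage(INVENTORY, AUTH_LOG).values():
        print(f"{f.host} ({f.model}): unpatched {', '.join(f.cves)}; "
              f"replace device. Untrusted default-account logins: "
              f"{f.default_account_logins or 'none'}")
```

Devices on the affected list are reported regardless of log activity, since the advisory's remediation is replacement rather than patching; the login check only adds urgency by showing where the default accounts have already been used from outside the trusted range.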
Ultimately, the vulnerability landscape for network infrastructure devices like those manufactured by Zyxel is a cautionary tale for enterprises and individuals relying on legacy hardware. The reliance on outdated equipment that no longer receives security updates opens up potential attack vectors, creating opportunities for botnets and other malicious actors to exploit weaknesses. As Zyxel advises, replacing legacy equipment with newer, supported models is essential to mitigate risks and maintain robust cybersecurity hygiene.
In conclusion, while
References:
Reported By: https://www.securityweek.com/zyxel-issues-no-patch-warning-for-exploited-zero-days/