Command Injection Vulnerability in Zyxel DSL CPE Firmware
CVE-2024-40891

8.8 HIGH

Key Information:

Vendor: Zyxel
CVE Published: 4 February 2025

Badges

🥇 Trended No. 1 · 📈 Trended · 📈 Score: 5,210 · 👾 Exploit Exists · 🦅 CISA Reported · 📰 News Worthy

What is CVE-2024-40891?

CVE-2024-40891 is a command injection vulnerability found in the Zyxel DSL CPE firmware, specifically impacting the VMG4325-B10A model running a legacy firmware version. This vulnerability allows an authenticated attacker to execute arbitrary operating system commands on the affected device through a Telnet interface. With such a capability, attackers can gain unauthorized control over network devices, potentially leading to serious security breaches within an organization. Given the role of DSL customer premises equipment (CPE) in network connectivity, the exploitation of this vulnerability could jeopardize the integrity and availability of organizational networks.

Technical Details

The vulnerability is categorized as a post-authentication command injection flaw, meaning that an attacker must first authenticate to the device before exploiting it. The command injection occurs in the handling of management commands within the firmware. Once authenticated, a malicious user can inject commands that are executed in the system's context, compromising the device and the network it supports. The specific firmware version affected is 1.00(AAFR.4)C0_20170615. The vulnerability remains unaddressed: the CVE carries the "Unsupported When Assigned" status, meaning the affected product was already out of support when the CVE was assigned.
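The flaw described above is the classic pattern in which a management interface concatenates operator-supplied text into a command line that a shell then interprets. The following Python is an added example, not code from this page or from the Zyxel firmware: it contrasts that concatenation pattern with a hardened dispatcher that maps an allowlisted verb to a fixed argv template and validates the single argument against a strict pattern, so no untrusted text is ever parsed by a shell. The command names, argv templates and the sample inputs are constructed for illustration.

```python
import re
import subprocess
from typing import Dict, List, Tuple

# Constructed allowlist of management verbs a CLI might expose, each mapped to
# the fixed argv prefix it is allowed to run.  These are illustrative only and
# are not the real command set of any Zyxel product.
ALLOWED_COMMANDS: Dict[str, List[str]] = {
    "ping": ["ping", "-c", "3"],
    "traceroute": ["traceroute"],
}

# The only argument shape accepted: a dotted IPv4 address or a DNS hostname.
# Shell metacharacters (; | & ` $ and whitespace) cannot match this pattern.
_HOST_RE = re.compile(
    r"^(?:\d{1,3}(?:\.\d{1,3}){3}"
    r"|[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*)$"
)


class CommandRejected(ValueError):
    """Raised when a management-CLI line fails validation."""


def vulnerable_shell_line(line: str) -> str:
    """The pattern a hardened handler replaces: the operator's text is spliced
    verbatim into one string destined for a shell, so any separator or
    substitution syntax in the argument becomes part of the command.
    Shown for contrast only; this example never passes it to a shell."""
    verb, _, rest = line.strip().partition(" ")
    return f"{verb} {rest}"


def build_argv(line: str) -> List[str]:
    """Turn one management-CLI line into an argv list, or raise CommandRejected.

    The verb must be allowlisted and the argument must match _HOST_RE; the
    result is a list, so subprocess never involves a shell and the argument
    reaches the tool as a single opaque token."""
    parts = line.strip().split()
    if len(parts) != 2:
        raise CommandRejected("expected exactly '<verb> <host>'")
    verb, host = parts
    if verb not in ALLOWED_COMMANDS:
        raise CommandRejected(f"unknown command {verb!r}")
    if not _HOST_RE.match(host):
        raise CommandRejected(f"invalid host argument {host!r}")
    return ALLOWED_COMMANDS[verb] + [host]


def run_management_command(line: str) -> Tuple[int, str]:
    """Validate and execute a management-CLI line without a shell."""
    argv = build_argv(line)
    proc = subprocess.run(argv, capture_output=True, text=True, timeout=30)
    return proc.returncode, proc.stdout


if __name__ == "__main__":
    # Constructed inputs: one well-formed, two carrying shell syntax.
    for sample in ("ping 10.0.0.1", "ping 10.0.0.1; id", "ping 10.0.0.1;id"):
        try:
            print(sample, "->", build_argv(sample))
        except CommandRejected as exc:
            print(sample, "-> rejected:", exc)
```

The point of the design is that validation happens on a typed argument (a host) rather than by blacklisting characters, and that execution uses an argv list rather than a string; either measure alone is weaker than both together.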

Potential Impact of CVE-2024-40891

  1. Unauthorized Control: The primary risk of this vulnerability is the potential for unauthorized control over the affected devices, allowing attackers to modify configurations or gain access to sensitive data transmitted through the network.

  2. Network Compromise: Exploitation could lead to broader network security incidents, where an attacker gains entry into the organization’s network and can pivot to other systems or sensitive resources, potentially facilitating further attacks.

  3. Service Disruption: Command injection vulnerabilities can also be used to disrupt services by altering system functionalities, which may lead to downtime or impaired functionality of network services for users relying on the affected devices.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified this one as being exploited, but it is not known to CISA to be used in ransomware campaigns. This is subject to change quickly.

CISA's recommendation is: The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization if a current mitigation is unavailable.

Affected Version(s)

VMG4325-B10A firmware <= 1.00(AAFR.4)C0_20170615

News Articles

Zyxel won't patch end-of-life routers against zero-day attacks | Te...

Networking hardware vendor Zyxel on Tuesday said it has no plans to patch affected end-of-life routers against three exploited zero-day vulnerabilities.

2 weeks ago

Swap EOL Zyxel routers, upgrade Netgear ones! - Help Net Security

There will be no patches for EOL Zyxel routers under attack via CVE-2024-40891, the company has finally confirmed.

2 weeks ago

Zyxel won’t patch newly exploited flaws in end-of-life routers

Zyxel has issued a security advisory about actively exploited flaws in CPE Series devices, warning that it has no plans to issue fixing patches and urging users to move to actively supported models.

2 weeks ago

References

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • 🦅 CISA Reported
  • 🥇 Vulnerability reached the number 1 worldwide trending spot
  • 📈 Vulnerability started trending
  • 👾 Exploit known to exist
  • Vulnerability published
  • 📰 First article discovered by The Hacker News
  • Vulnerability Reserved
